**** BEGIN LOGGING AT Thu Sep 27 02:59:57 2007

Sep 27 18:37:57 hello, just bought a nslu2 and plugged it in
Sep 27 18:38:11 anyone around to help a new kid?
Sep 27 18:38:53 pc runs ubuntu 7.04 ..... was expecting the slug to show in Windows Network but no luck so far....
Sep 27 18:39:09 have tried with known good ethernet cable
Sep 27 18:39:16 will try with smaller disk drive next
Sep 27 18:42:40 how do you start config / browse config if on linux and not using windows set up utility as on cd?
Sep 27 18:45:20 ok nobody ...... time to read manual!
Sep 27 20:29:28 ... Ok, here is an embarrassing situation ... I broke my index.cgi file :) any chance I can restore it without reflashing?
Sep 27 20:32:35 ... any ideas?
Sep 27 20:44:08 which firmware?
Sep 27 20:44:57 The latest ones...
Sep 27 20:45:01 let me check :)
Sep 27 20:45:13 6.8 beta
Sep 27 20:45:31 copy it from /initrd/home/html....
Sep 27 20:45:57 Wow :) That simple? :) Thanks a lot
Sep 27 20:46:04 np
Sep 27 21:34:21 where do I find access logs on the slug using unslung?
Sep 27 21:34:46 my slug is blinking, indicating it is being accessed, but by who?
Sep 27 21:39:14 any help would be much appreciated, since there is some weird activity going on in the box...
Sep 27 21:48:51 check /var/log and/or /opt/var/log
Sep 27 21:56:49 caplink811-log: I discovered somebody is trying to hack the box.... somehow they are getting through my firewall at all these weird ports
Sep 27 21:58:29 you should disconnect it from the inet asap
Sep 27 21:58:49 It is configured with openssh... and I thought it was required to have the private key to login, but it responds with invalid user
Sep 27 21:59:38 I shut it down for now
Sep 27 22:00:43 you should use a different port tehn 22
Sep 27 22:00:48 s/tehn/then
Sep 27 22:01:15 The other computer was connecting at weird ports other than 22
Sep 27 22:01:41 somehow he bypassed my firewall and connected to ssh for authentication without the private key
Sep 27 22:03:36 if i try to access my slug (which accepts only a key login) via ssh with a user, it results in nothing within the logfiles
Sep 27 22:03:54 hmmm...
Sep 27 22:04:26 I get this:
Sep 27 22:04:35 <38>Sep 27 14:41:23 sshd[12618]: Failed password for invalid user shutdown from 121.254.168.181 port 52831 ssh2
Sep 27 22:04:35 <38>Sep 27 14:41:26 sshd[12621]: Invalid user shuttle from 121.254.168.181
Sep 27 22:04:35 <35>Sep 27 14:41:26 sshd[12621]: error: Could not get shadow information for NOUSER
Sep 27 22:04:40 but using a portscanner on a known ip on all ports > 1024 is so easy
Sep 27 22:05:13 hm, could you pastebin your sshd_conf?
Sep 27 22:05:44 hm, 11 hours back, this is where in the world?
Sep 27 22:06:24 i understand that they can use portscanner. I thought my firewall did a better job of blocking all incoming ports except for those I designated. Somehow it was not.... The second is I followed directions on the wiki here: http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess
Sep 27 22:07:06 let me boot up the slug again and ifn the sshd.conf
Sep 27 22:07:26 well, when someone would connect the port which you like to use/forward to your nslu then the router should this particular thing
Sep 27 22:07:47 s/should/should do/
Sep 27 22:07:48 caplink811-log meant: well, when someone would connect the port which you like to use/forward to your nslu then the router should do this particular thing
Sep 27 22:08:20 yes, but the log shows port 52831 which I did not request to be forwarded.
Sep 27 22:08:34 there were numerous other ports too...
Sep 27 22:08:50 I should double check my firewall with a port scanner next time
Sep 27 22:10:01 now by following those directions on the wiki, is it expected that outsiders can attempt to brute force their way in assuming I had port 22 (openssh) and 443 (apache) open?
Sep 27 22:11:25 I can't find sshd.conf or sshd_conf on the slug?
Sep 27 22:11:25 hm, normally your router should only forward those ports which you like to forward (by setup). are there other (untrusted) users/workstations in your local network?
Sep 27 22:11:55 it is /opt/etc/openssh/sshd_config
Sep 27 22:12:24 there are no other untrusted ones on the internal network of 192.168.x.x
Sep 27 22:13:41 is there any sensitive information in the sshd_config file I should block out?
Sep 27 22:15:51 is there a better place to paste the whole file in for you to view? It is ugly to paste it all into this chat room.
Sep 27 22:16:40 see http://jrbnet.de/joomla/content/view/42/58/1/3/ , which is the minimal sshd_config which only works with keey files (miidle of the page)
Sep 27 22:16:58 s/miidle/middle
Sep 27 22:18:07 plcae to paste e.g. http://rafb.net/paste/
Sep 27 22:18:25 fat thumbs today :(...
Sep 27 22:20:15 caplink811-log: see here for sshd_config: http://rafb.net/p/0Sy3GF55.html
Sep 27 22:22:34 as i said something like this
Sep 27 22:22:36 Port 22
Sep 27 22:22:36 PasswordAuthentication no
Sep 27 22:22:36 PubkeyAuthentication yes
Sep 27 22:22:36 #PermitRootLogin yes
Sep 27 22:22:37 PermitEmptyPasswords no
Sep 27 22:22:38 Subsystem sftp /opt/libexec/sftp-server
Sep 27 22:22:51 should only work with keyfile
Sep 27 22:23:23 because i don't know what are the default options which are compiled in
Sep 27 22:23:28 Does a '#' in front of the line mean commented out?
Sep 27 22:23:48 I see some with two # and others with #...
Sep 27 22:23:57 also there isn't much without # in the file
Sep 27 22:24:17 yeah, # is a comment sign
Sep 27 22:24:31 as ## is too
Sep 27 22:24:58 That is weird, there is only two lines in the sshd_config file that isn't commented out:
Sep 27 22:25:01 protocol 2
Sep 27 22:25:13 subsystem sftp /opt/libexec/sftp-server
Sep 27 22:27:13 hm, so afair, sshd works without any modification on its config file with a user:password login
Sep 27 22:28:16 the way I login, is I use putty and direct it to use my private key for authentication. Once it is connected, I type in username and password
Sep 27 22:28:39 I assumed that sshd would ignore any attempt at connecting with the private key
Sep 27 22:28:53 I'm sorry, I mean without the private key
Sep 27 22:30:33 when you use and configure it in the right way, it won't ask for your user:password, maybe it asks for your passphrase, but nothing more
Sep 27 22:31:54 login as: root
Sep 27 22:31:54 Authenticating with public key "root@****"
Sep 27 22:31:54 Passphrase for key "root@****":
Sep 27 22:32:13 so i guess it asks for a passphrase, I did not know they were different
Sep 27 22:32:21 when you try the lines which i posted above, make sure, that you could connect via telnet if things went wrong
Sep 27 22:33:46 passphrase is the phrase which you used to encrypt your private keyfile, that happens on your client pc, not on the server, so you have to decrypt your private keyfile (with the passphrase) before it's sent to the server
Sep 27 22:34:04 i see
Sep 27 22:35:01 i got it a little confused, but now remember setting the passphrase myself that was different than the password (which is used on telnet sessions)
Sep 27 22:36:03 since there is not much in my sshd_config file, I should add the configuration you directed me and that might resolve the problem of sshd accepting connections without the private keyfile?
Sep 27 22:36:57 probably yes, that is the line... PasswordAuthentication no
Sep 27 22:38:50 hmmm... I see that the directions had this in it, but for some reason I neglected to follow it
Sep 27 22:41:18 what would you suggest me do to secure the box? The only thing I need it for is mainly subversion configured for access with apache.
Sep 27 22:44:17 activate the firewall on your router, and disallow as much as possible portforwardings into your internal network, that's it...
Sep 27 22:44:42 is port triggering recommended?
Sep 27 22:46:12 triggering aka knocking, dunno, myself forwards only one (high) port to one nslu, and then i'm able to tunnel connections to different servers (with putty and sshd)
Sep 27 22:49:12 is there a way to configure the slug so that when anyone attempts to connect, it dispatches an email to me?
Sep 27 22:51:49 maybe that something like fail2ban is able to do this, i'm not sure
Sep 27 22:52:47 http://downloads.sourceforge.net/fail2ban
Sep 27 22:52:58 forget the link
Sep 27 22:53:58 i found it at fail2ban.org. however it requires python
Sep 27 22:55:00 which is available as an ipk
Sep 27 22:56:13 problem is, with svn and apache installed, i have like 1mb free memory left... will it even run
Sep 27 22:57:16 sure, swap exists
Sep 27 22:58:00 will it slow down considerably though while it is swapping?
Sep 27 22:58:36 and linux != windows, linux uses all memory which is different to windows, which thinks, hm, hold 200MB free, maybe that sometimes an application requests this memory
Sep 27 23:00:43 well, I'm thinking if there is too much stuff loaded and there are a lot of connections to apache the box might thrash....
Sep 27 23:02:25 just try it out, maybe that it fits your needs (focus on speed)
Sep 27 23:03:02 * caplink811-log heading to bed now, it is ~1:00 am in my tz, g8@all
Sep 27 23:03:36 gn8, grmbl
Sep 27 23:03:47 caplink811-log: thank you so much for your help!!! much appreciated!
Sep 27 23:03:55 np :)
Sep 27 23:24:48 hi!
Sep 27 23:24:55 running unslung on my recently bought nslu2
Sep 27 23:25:05 I try to add users with uid 1000 and 1001 (matching my other machines), and it fails
Sep 27 23:25:11 am I missing something?
Sep 27 23:25:16 I'd like to use my USBdisk as is, reformatting is not an option

**** ENDING LOGGING AT Fri Sep 28 02:59:56 2007