    • EddieJenningsE

      sssd and user ID mapping

      IT Discussion
      • linux sssd authentication ad active directory • • EddieJennings
      14
      0
      Votes
      14
      Posts
      203
      Views

      Pete.SP

      @stacksofplates said in sssd and user ID mapping:

      @Pete-S said in sssd and user ID mapping:

      @Semicolon said in sssd and user ID mapping:

      @Pete-S If it is an issue, it's trivial enough to prevent public key authentication for users or groups of users, even groups of AD users.

      Sure, but the problem for developers and admins is that they usually need their keys. That's why I don't think ad/ldap integration with ssh users really works in that use case.

      The other solution, which is what I think is more suitable for developers and admins, is to use your SSO/AD solution with MFA to pickup a short-lived ssh certificate. Then you use the ssh certificate to actually access things.
      Many companies with huge infrastructures use this method because it's very scalable.

      We forced kerberos for SSH auth after we enabled AD integration. SSH works like keys then but you don't use the keys.

      Never used it but it seems to be a good solution if you want AD integration.

      I noticed that gitlab also supports kerberos for pushing and pulling. I assume github does too. That's very convenient.

    • scottalanmillerS

      Remote Access to Ubuntu 23.04 Lunar Lobster with KVM Child Process Has Exited | MeshCentral Error

      IT Discussion
      • linux ubuntu ubuntu 23.04 lunar lobster xorg wayland unix gdm3 gdm • • scottalanmiller
      2
      2
      Votes
      2
      Posts
      146
      Views

      PhlipElderP

      Side question: When does 23.04 get moved into LTS mode?

    • scottalanmillerS

      What Happens If You Alias An Entire Domain in Postfix Email Server?

      IT Discussion
      • postfix email linux ubuntu rhel centos debian • • scottalanmiller
      1
      0
      Votes
      1
      Posts
      69
      Views

      No one has replied

    • scottalanmillerS

      Find Windows OEM Key License from Linux

      IT Discussion
      • linux windows cli command line • • scottalanmiller
      4
      5
      Votes
      4
      Posts
      225
      Views

      whitecatW

      LOL...absolutely!

      SAM...making IT better for humans...have an extra avatar on us....

    • scottalanmillerS

      Allow Binaries on Linux to Run on Well Known Privileged Ports

      IT Discussion
      • linux debian ubuntu • • scottalanmiller
      10
      0
      Votes
      10
      Posts
      104
      Views

      scottalanmillerS

      @Obsolesce said in Allow Binaries on Linux to Run on Well Known Privileged Ports:

      @Pete-S said in Allow Binaries on Linux to Run on Well Known Privileged Ports:

      If you search for net_bind you would assume it would find both these posts but it finds nothing.

      It seems to only search "words", and that isn't a word or part of a word.

      That does seem to be the case. It's not smart at all.

    • scottalanmillerS

      Linux Command Line Humble Bundle | I Got In!

      IT Discussion
      • linux • • scottalanmiller
      1
      3
      Votes
      1
      Posts
      97
      Views

      No one has replied

    • OksanaO

      A Sure-Fire Way to Backup ZFS Partitions With Veeam

      Starwind
      • starwind veeam linux backup zfs virtualization virtual machine • • Oksana
      1
      0
      Votes
      1
      Posts
      64
      Views

      No one has replied

    • scottalanmillerS

      ProxMox: Set VM to AutoStart from Command Line CLI Start

      IT Discussion
      • qm proxmox kvm command line cli linux debian • • scottalanmiller
      5
      1
      Votes
      5
      Posts
      176
      Views

      scottalanmillerS

      @Pete-S said in ProxMox: Set VM to AutoStart from Command Line CLI Start:

      Nice but it's even easier with pure kvm as you don't have to go the roundabout way of using VMid.

      virsh autostart somevm

      Personally I find the number quite a bit easier.

    • scottalanmillerS

      Bind Linux Process to Well Known Web Ports When Not Root

      IT Discussion
      • linux centos rhel ubuntu fedora arch suse mint • • scottalanmiller
      2
      2
      Votes
      2
      Posts
      132
      Views

      Pete.SP

      @scottalanmiller said in Bind Linux Process to Well Known Web Ports When Not Root:

      If you have ever tried to run a user space program on Linux with a port below 1024 you know that this is a security problem and you are not allowed to do so. There is a simple fix for this, but it is not well known.

      Once you know the binary that you will be using to open the low number (well known) port you can use this command to grant it permission to use these ports without otherwise compromising security.

      setcap cap_net_bind_service+ep /my/binary/file

      Now you can run your application. This is most commonly used for user space web applications that want to use port 80 or 443 without requiring that you run a reverse proxy in front of them.

      Good to know!

      I found this as an example of how to use it and also commands to remove the permission:
      https://cwiki.apache.org/confluence/display/HTTPD/NonRootPortBinding

      The setcap utility seems to be available in the libcap2-bin package on debian distros.

      I haven't checked if it's installed by default.

    • scottalanmillerS

      ProxMox 6 to 7 Upgrade pve-apt-hook error Remove proxmox-ve

      IT Discussion
      • proxmox debian linux • • scottalanmiller
      2
      0
      Votes
      2
      Posts
      490
      Views

      scottalanmillerS

      It's an easy fix. Sometimes the directions for the upgrade don't account for the source location of the APT REPO for ProxMox. Check your /etc/apt files and see where your repo is configured. If you are going from Buster to Bullseye for example, make sure that you have this line somewhere and the error should go away...

      deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
    • OksanaO

      Rocky Linux Upgrade: From 8.x to Rocky Linux 9.0

      Starwind
      • starwind rocky linux linux • • Oksana
      1
      1
      Votes
      1
      Posts
      195
      Views

      No one has replied

    • scottalanmillerS

      Debian Packages Not Trusted, APT Linux

      IT Discussion
      • debian debian 11 apt apt-get apt-secure linux • • scottalanmiller
      16
      0
      Votes
      16
      Posts
      265
      Views

      scottalanmillerS

      Thanks, we are up and running again!

    • OksanaO

      Enhance Your Hybrid Cloud Environment Security with SSSD

      Starwind
      • starwind sssd linux vms active directory • • Oksana
      1
      1
      Votes
      1
      Posts
      64
      Views

      No one has replied

    • Pete.SP

      Turn server into backup storage for remote servers?

      IT Discussion
      • backup object storage repositories linux • • Pete.S
      18
      1
      Votes
      18
      Posts
      351
      Views

      Pete.SP

      @Yonah-S said in Turn server into backup storage for remote servers?:

      @Pete-S Have you thought of selling it? There is a big market right now for getting rid of old/unused hardware. Especially if you have any SSDs in there.

      Thanks, but we're keeping it. Just want to extract the maximum value out of it while it's occupying rack space 🙂

    • Pete.SP

      Utility that can load the CPU & RAM?

      IT Discussion
      • linux • • Pete.S
      2
      1
      Votes
      2
      Posts
      108
      Views

      scottalanmillerS

      There is a utility called stress for that. I've never used it myself. But here is a guide, should be easy.

      https://www.linuxshelltips.com/create-cpu-load-linux/

    • Pete.SP

      SSH jump server access control?

      IT Discussion
      • ssh acl jump server linux • • Pete.S
      34
      0
      Votes
      34
      Posts
      476
      Views

      V

      Youtube Video

    • Pete.SP

      Unsolved Save shell session to disk?

      IT Discussion
      • linux • • Pete.S
      14
      2
      Votes
      14
      Posts
      284
      Views

      JaredBuschJ

      @Pete-S said in Save shell session to disk?:

      That's why you should launch ssh like this:
      ssh [email protected] -t screen -RR
      If you don't have a session going it will create one.
      If you had a session going but it was interrupted, it will reconnect to it automatically.

      @JaredBusch said in Save shell session to disk?:

      I do not like to launch screen for no reason.

    • openitO

      SUSE Manager for managing CentOS and SUSE servers.

      IT Discussion
      • linux patching open source suse centos • • openit
      4
      0
      Votes
      4
      Posts
      241
      Views

      scottalanmillerS

      @travisdh1 said in SUSE Manager for managing CentOS and SUSE servers.:

      @openit said in SUSE Manager for managing CentOS and SUSE servers.:

      Hi there,

      Has any of you ever come across SUSE Manager?

      While it says it is open source, it lets you download an evaluation copy with a subscription key by email?

      I believe SUSE Manager is the kind of product I'm looking for, especially for patching CentOS and SUSE servers.

      Any clue?

      Why not use Ansible or Salt?

      These are what I'd generally recommend.

    • R

      Jitsi Meet authentication does not work in latest version

      IT Discussion
      • linux docker jitsi meet security+ asterisk • • rickygm
      1
      0
      Votes
      1
      Posts
      227
      Views

      No one has replied

    • OksanaO

      Operate Linux Servers via Cockpit GUI

      Starwind
      • starwind cockpit linux linux server • • Oksana
      2
      2
      Votes
      2
      Posts
      237
      Views

      scottalanmillerS

      I love Cockpit, it's so comfortable to use.
