Anyone using SSH key authentication only, instead of password authentication only for server connections?
Reason I ask is, cPanel are now recommending it as opposed to password connections, as it should defeat / prevent brute-force attacks.
I attached a service node to PPA using public key by following [URL] ....
But when I check tasks, Configure PA agent on node 'ip-10-0-0-24' fails with message: SSH communication error: SSH auth via password failed
I correctly configured ssh by pub keys. I can SSH into service node with ip 10.0.0.2 from PPA management node without any issue.
Licence: PPA.03119864.0000
I am using Exim4.
Please guide me that how to set domainlevel auth without relay?
I am trying to get Exim + postfixAdmin working with auth. I know its possible, im just making a silly error somewheres.
Currently i have this in my exim.conf
Code:
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT `username` FROM
`mailbox` WHERE `username` =
'${quote_mysql:$auth2}' AND `password` =
'${quote_mysql:$auth3}'}{yes}{no}}
server_prompts = :
server_set_id = $auth2
auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${lookup mysql{SELECT `username` FROM
`mailbox` WHERE `username` =
'${quote_mysql:$auth1}' AND `password` =
'${quote_mysql:$auth2}'}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $auth1
auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT `password` FROM
`mailbox` WHERE `username`
= '${quote_mysql:$auth1}'}{$value}fail}
server_set_id = $auth2
If I edit the mysql query to not check against the password, it auths. If i add the password check in, fails.. I cant seem to build a proper query.
Info
USER:test@rackbyte.com
PASS:test
PASS IN MYSQL: $1$a4c01247$Np/5HoaeQfe/.IS8flWxe0
Exim: 4.64
Postfix: 2.2.1.1
is it possible to set Auth .htpasswd if a specific file and not the directory. example admin access [url]and a Auth User/Pass window appears. I need for /sec/ to be unprotected for image loading so a complete directory protection is not an option.
View 3 Replies View RelatedI'd like to describe an issue and see if this sounds familiar to anyone, or if there is a solution that I have not thought of yet.
CAUSE: My ISP (yeah, it's comcast) began blocking port 25 inbound so my personal mail server was no longer receiving mail.
RESOLUTION: I worked through a new DNS re-router to change the port that would now receive mail: from port 25 to port 587. It took me a while to get the routes pointed correctly, but I finally got the messages to route, get through my firewall, and hit the mail server.
NEW PROBLEM: After some IP and DNS routing issues, I finally got things to work, the email that gets sent finally arrives at my mail server. However, the mail server (Alt-N MDaemon) now requires AUTH from the incoming DNS re-direct.
BIG QUESTION: How do I configure MDaemon mail server (or any other mail server, for that matter) to accept the mail from the new re-route server? Mail now re-directed to the new port ALWAYS comes from that route (mx-routes01.editdns.net). Where in the configuration settings of MDaemon do I set it up? I've tried including the host name and the IP address into every WhiteList list I can find, added it to the trusted host name list and everything. I'm at a loss, since it's impossilbe to configure the re-route server to provide AUTH credentials to my mail server. MDaemon now replys to every mail reuqest with : 530
Authentication required (in reply to MAIL FROM command)
My sendmail.mc file has:
Quote:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
Telnet output is:
Quote:
% telnet localhost 25
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
220 local.sendmail.ORG ESMTP Sendmail 8.10.0/8.10.0; Thu, 9 Sep 1999 10:48:44 -0700 (PDT)
ehlo localhost
250-local.sendmail.ORG Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5
250 HELP
quit
But users cannot send email using the server as outgoing mail server with
their user names and passwords.
It says:
Quote:
Relaying denied. Proper authentication required.
Forbidden You don't have permission to access /_vti_bin/_vti_aut/author.exe on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I have done the following: uninstalled /re installed extensions via whm (same error)
.htaccess is default frontpage's code only, nothing else
/scripts/chownpublichtmls
dns zone propagated fully, correct (today)
.htaccess file:
Code:
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.domain.com
AuthUserFile /home/user/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/user/public_html/_vti_pvt/service.grp
I'm trying to get exception from auth (.htpasswd ) for one specific URL, but seems, that it does not work with my Rewriting rules. Disabling RewriteEngine solving auth problem. My .htaccess:
Code:
SetEnv APPLICATION_ENV development
# Rewrite
RewriteEngine On
RewriteBase /
# ZEND
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
[Code] .....
This is a fresh installation in AWS using AMI for Plesk 12.
When installed with Dovecot I got this error when trying to login to mail:
Jun 28 12:23:44 server1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<someuser@xxxxx.com>, method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1, secured, session=<mfryjpUZdgB/AAAB>
If I switch to Courier works perfect:
Jun 28 12:35:53 server1 courier-imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 28 12:35:53 server1 courier-imapd: LOGIN, user=someuser@xxxxx.com, ip=[::ffff:127.0.0.1], port=[35677], protocol=IMAP
Jun 28 12:35:53 server1 courier-imapd: LOGOUT, user=someuser@xxxxx.com, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=52, sent=156, time=0
In normal servers or under Virtuozzo (formerly Parallels Cloud Server) Dovecot works without problem.
I've been trying to set up Postfix to send email for the past few days. I've managed to get it to ask for a username and password, in order to try and send mail to an external domain
I can receive email fine on the server, but I can't send email out
Here is my main.cf file
Code:
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8 192.168.3.0/24
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces permit_sasl_authenticated reject_unauth_destination
mynetworks_style = class
smtpd_sasl_auth_enable = yes
allow_untrusted_routing = yes
relay_domains =
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
smtpd_sasl_application_name = smtpd
smtpd_sasl_local_domain = $mydomain
smtp_sasl_mechanism_filter = !plain, static:rest
broken_sasl_auth_clients = yes
smtp_sasl_mechanism_filter = login
myorigin = literatifoundation.org
mydomain = literatifoundation.org
myhostname = literatifoundation.org
mydestination = $myhostname, localhost.$mydomain, $mydomain
When I try to login to send the email, it doesn't accept the password.
I have Cpanel, with the "Prevent Nobody from sending emails" in the WHM>Tweak Settings enabled.
I want to force sendmail to use SMPT auth.. so that all mails sent are sent via SMPT and an authenticated POP user.
I guess this will help in limiting the "The maximum each domain can send out per hour" setting.
I just migrated from a CentOS 5 server with Plesk 11.5 to a new server with CentOS 6.6 Plesk 12.
All customers, resellers, domains, subscriptions and even FTP users have been migrated fine (great tool btw).
There's only one thing what I cannot get to work on the new server: FTPs (TLS/SSL), this always results in "AUTH not understood".
The security and FTP settings are exactly the same as the old server (where FTPs worked fine), so I guess something is missing on the server.
What can I do to have a proper working FTPs with TLS/SSL?
Ubuntu 14.04 with Plesk 12 (10 Domain License).Using this for mail only... multiple domains.Postfix and Dovecot installed. Trying to figure out how to do:
- SASL Auth (Dovecot)
- TLS
- want above two to be mandatory... no plain text auth and no unencrypted connections.
How do I achieve this with Plesk 12?I have found countless how-to's about doing this with Vanilla (non Plesk) installs with the same server software. However, Postfix main.cf and master.cf both appear to have specific Plesk modificatuons. Same thing for the related Dovecot conf files... also have Plesk specific modifications.
I see no way to enable the desired settings from the Plesk Panel. Can't achieve this within the Panel but also can't modify the conf files without potentially breaking some Plesk-specific functionality? My original hope in purchasing the Plesk license was to make administration of the mail server easier. Unfortunately, I'm struggling to do this now and may have already had this figured out had I not bothered with the Panel.
I use Basic Auth to limit access to a web site. This seems to work ok. I noticed though in the logs that the logged in user is not logged:
80.....188 - - [16/Jul/2013:09:56:29 +0200] "GET ..." 200 1844 "...." " ...
I would expect the second - to be replaced by the logged in user. The doc says, the user is logged if the document is protected. I do protect the whole directory using directory match. Without log in I fail to retrieve the document in question.
I've just setup CentOS 6.6 with Plesk at my Hoster OVH. Now when I want to connect to the smtp server I get following message:
Code:
SASL LOGIN authentication failed: encryption needed to use mechanism
SASL auth is enabled in the main.cf also submission. I connect to tls://smtp.example.com:587 with my email and password.
Everyday after Backup Panel (Tasks from Backup Manager), I receive next error:
<?xml version="1.0" encoding="utf-8"?>
<execution-result status="error">
<object name="domain.ru" type="domain">
<message severity="error" id="416a91ad-e5e7-480b-b6b4-a60157b8eaae" code="InformationalException">
<description>Could not find password for account id '2648'. Return empty password</description>
</message>
</object>
</execution-result>
Resolve -> only reconfigure domain. How can I automatic fix this problem?
today i changed the password for the admin panel for a customer (username eg. mylogin). 10 minutes later he called me and said that he cannot get into his emailaccount anymore. Checked the password and saw that the emailpassword for his emailaddress (eg. mylogin@mydomain.com) is now the same from the admin panel login. So i changed the emailpassword and checked the admin panel login - it now has the emailpassword. What a mess.. I'm running Plesk Panel 11.5.30 MU47.
View 1 Replies View RelatedHow to change the Password of my FTP?
I know how to change the pwd. of cPanel, but I don't know how to change the pwd. of FTP?
there is anyway to know the password of 1 user on cPanel knowing the root password?
View 5 Replies View Relatedabout MY-SQL Password Security!
my Server is : CentOS and my control panel is : Cpanel
my Freand have a mySQL password, but he donot know ROOT Password ( i change root password )
my Freand is a bad Boy )
can he attack Mysql or Mysql user by mysql password?
if he can attack server by Mysql password please help me about change Mysql password by CPANEL
I have debian 3.1 sarge and 2.6.19-grsec kernel.
I have successfully changed a shell user password but I cannot login with it via ssh cos its says wrong pass (with previous password can login) as well as any other users pass says wrong pass after a change.
i want to build my 2nd server later,
i get a problem,
i wonder how can not manage my password,
i can set them all the same? or differnet?
the same: will it too dangerous?
different: it may hard to save the password.
I am transfering my database to a new host and well I need to create the same database (same name and username) along with the same password I used before (because a script im using is connected to it) then import the old .SQL files.
However I dont know how I can find out the current password linked to that database (When you create one it asks you for a password remember?) Anyclue how to find it out? I cant change it I need to know what it is still.
I am using cPANEL
do you set grub passwords?
what problems could i be facing if i skip that, i'd guess one cannot access file system via some grub parameters,
it can only be used to lower performance?
