Edit /etc/pam.d/ssh and add
account required pam_access.so
Then add
+ : ALL : 192.168.
+ : obamab : ALL
- : ALL : ALL
This will allow ALL id's on 192.168.x.x
and only obamab id from ALL hosts
and then deny anything else
Wednesday, November 5, 2008
Monday, November 3, 2008
Add vnc port to iptables
[root@dwmythp4 ~]# iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
5 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@dwmythp4 ~]# iptables -I INPUT 5 -p tcp --destination-port 5801 --source 192.168.187.0/24 -j ACCEPT
[root@dwmythp4 ~]# iptables -I INPUT 5 -p tcp --destination-port 5901 --source 192.168.187.0/24 -j ACCEPT
[root@dwmythp4 ~]# iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
5 ACCEPT tcp -- 192.168.187.0/24 anywhere tcp dpt:5901
6 ACCEPT tcp -- 192.168.187.0/24 anywhere tcp dpt:5801
7 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
5 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@dwmythp4 ~]# iptables -I INPUT 5 -p tcp --destination-port 5801 --source 192.168.187.0/24 -j ACCEPT
[root@dwmythp4 ~]# iptables -I INPUT 5 -p tcp --destination-port 5901 --source 192.168.187.0/24 -j ACCEPT
[root@dwmythp4 ~]# iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
5 ACCEPT tcp -- 192.168.187.0/24 anywhere tcp dpt:5901
6 ACCEPT tcp -- 192.168.187.0/24 anywhere tcp dpt:5801
7 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Sunday, November 2, 2008
Gnome Keyring
It keeps saying
The application 'NetworkManager Applet'
wants access to the default keyring but it is locked
You have to install gnome-keyring-manager which isn't installed by default, then create new keyring with a known password.
The application 'NetworkManager Applet'
wants access to the default keyring but it is locked
You have to install gnome-keyring-manager which isn't installed by default, then create new keyring with a known password.
Subscribe to:
Posts (Atom)