#StackBounty: #macos #ssh #macos-mojave #syslog How to get SSH logs and send to remote syslog server in macOS?

Bounty: 50

On Linux, I can get sshd logs such as:

sshd Accepted publickey for user from xxx.xxx.xxx.xxx port xxx ssh2: RSA SHA256:.....

and send them to a remote syslog server by adding a file in /etc/rsyslog.d/

How can I get similar data on macOS 10.14 (Mojave), and also have macOS send the data to a remote syslog server?

I can get the data I want using this command:

log stream --process sshd --info --predicate "messageType = 'info'"

Now I need to figure out how to configure ASL (Apple System Logger).



#StackBounty: #ssh #ftp #mac-osx #unix #sftp How to set separate current directory for sftp in macos?

Bounty: 50

On my macOS I am able to log in to sftp as sftp localhost. When I run !pwd it shows me the default directory is /Users/username, but I want to change it to /Users/username/Sites/wordpress.

I edited the /etc/ssh/sshd_config file and added the lines below at the bottom of the file:

Match User username
       X11Forwarding no
       AllowTcpForwarding yes
       PermitTTY yes
       PasswordAuthentication yes
       ChrootDirectory /Users/username/Sites/wordpress

But when I try again to log in with sftp localhost, after the password prompt it gives me the error below:

client_loop: send disconnect: Broken pipe
Connection closed 

Please tell me how I can fix this error.



#StackBounty: #linux #ssh #firewall #docker #redis ssh connection timed out, why sudo service sshd restart resolves it?

Bounty: 50

I have a little tricky behavior I can’t explain. I have a virtual machine running Ubuntu 18.04.4, docker 19.03.6 and a redis container. Hosted on a Windows 2019 Hyper-V machine.

There’s a second virtual machine (same network but different physical server) running W2k19 and a redis-client connecting to the redis instance.

Due to bad configuration, from time to time redis overwhelms the Ubuntu machine, using too much memory and producing thousands of *connection timed out* exceptions in the redis-client.

When this happens, all connections between machines stop working. If I try to connect via ssh from the W2k19 machine to Ubuntu or using telnet from the same machine on any port, I get a *connection timed out*.

Like if something on the Linux machine did an auto ban of the IP address of the w2k19 machine. From any other machine I can connect via ssh, telnet and so on.

  • Ufw is turned off
  • We don’t have fail2ban installed
  • iptables is configured with all ports open

But we still can’t connect. We reproduced the behavior on another machine, a second VM with W2k19 and the same redis-client.

What we found out would reestablish the connections between those machine was a restart of the ssh service on the Ubuntu machine combined with a reboot of the W2k19 machine.

Just the single sudo service sshd restart is not enough, and just a reboot of the W2k19 machine is not enough. I can’t figure out what’s going on, and we cannot accept as a standard procedure in these cases to restart the ssh service and reboot the machine.

But so far we have not been able to figure out what rule/configuration whatsoever is blocking the connections. It has to do something with the ssh service probably, since restarting it does contribute to restoring the connections, but how?

And why is restarting the ssh service (and rebooting the W2k19 machine) actually unblocking the connection to the redis 6379 port?



#StackBounty: #18.04 #ssh #xorg #docker #x11-forwarding X11 over remote Docker container stops working after resetting VPN

Bounty: 50

I’m running on Ubuntu 18.04, with an “operator” machine VPN’ed into a network that has the “Test” machine.

The test machine runs a Docker container that has a GUI application that I forward over X11. I use SSH on the operator machine to SSH into the test machine. Then, I run the Docker container. Normally, the GUI shows up on my “operator” machine when I run the Docker container.

However, I’ve noticed that as soon as I disconnect my VPN and reconnect, I get a “Could not connect to display $DISPLAY” error.

I would need to create a new container from the image to have the X11 working again.

Here is how I launch it:

XSOCK=/tmp/.X11-unix
XAUTH=/tmp/.docker.xauth
xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
chmod 777 $XAUTH
sudo docker run  --gpus all -it --privileged --network=host -e DISPLAY=$DISPLAY -v $XSOCK:$XSOCK -v $XAUTH:$XAUTH -e XAUTHORITY=$XAUTH  image

Nothing changed on the “test” machine or docker container in this situation. Even if the VPN reconnect assigned me the same IP as prior, it would still have this issue.



#StackBounty: #ssh #permissions #applescript #macos-catalina Allow ssh-keygen-wrapper to access “System Events” for all users in the sa…

Bounty: 100

When I run my AppleScript in a remote mode, I get this message in a user where the script runs:

“sshd-keygen-wrapper“ wants access to control “System Events“. Allowing control will provide access to documents and data in “System Events“, and to perform actions within that app.

Is it possible to allow ssh-keygen-wrapper to access System Events for all users in the same computer ONLY once, i.e. each new user in this computer doesn’t need to allow this ssh-keygen-wrapper again?

It doesn’t matter if it’s a manual or programming solution.



#StackBounty: #networking #ssh #openssh kex_exchange_identification: read: Connection reset by peer. Connection works on other NIC/subnet

Bounty: 50

I re-installed a VM (CentOS7) and now I get this error. The VM has two adapters that are on different subnets.
Funny enough ssh worked fine on one subnet after fixing the expected MITM warning.

ssh -v shows:

OpenSSH_8.0p1, OpenSSL 1.1.1c  28 May 2019
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 6: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "foreman" port yy
debug2: ssh_connect_direct
debug1: Connecting to foreman [xxx.xxx.xxx.xxx] port yy.
debug1: Connection established.
debug1: identity file /home/sam/.ssh/id_rsa type 0
debug1: identity file /home/sam/.ssh/id_rsa-cert type -1
debug1: identity file /home/sam/.ssh/id_dsa type -1
debug1: identity file /home/sam/.ssh/id_dsa-cert type -1
debug1: identity file /home/sam/.ssh/id_ecdsa type -1
debug1: identity file /home/sam/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/sam/.ssh/id_ed25519 type -1
debug1: identity file /home/sam/.ssh/id_ed25519-cert type -1
debug1: identity file /home/sam/.ssh/id_xmss type -1
debug1: identity file /home/sam/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
kex_exchange_identification: read: Connection reset by peer

I’ve tried

  • Rebooting
  • removing the known_hosts file
  • checked /etc/ssh/ssh_config on the client (no deviation from maintainer version)
  • checked /etc/ssh/sshd_config on the server (no deviation from maintainer version)
  • stopping the firewalld
  • checked permissions on .ssh/ and authorized_keys
  • checked blacklist and whitelist (nothing there, only comments) (hosts.deny|hosts.allow)

I’m not sure if it’s relevant, but the client is running Arch Linux.

So, again to clarify
The server has two ip addresses 172.x.x.x and 192.x.x.x
ssh works for 172.x.x.x but does not for 192.x.x.x



#StackBounty: #18.04 #ssh #remote-desktop #remote #remmina Configure Remmina or other GUI control app through ssh without X forwarding

Bounty: 50

Due to the COVID-19 crisis, I only have access to my work computer through ssh (so no physical access). Since I connect to this computer through another one that does not allow X forwarding, I can not forward X.

I now need to control an app that does not allow me to do so by just using the terminal.

The best option that comes to my mind (I accept suggestions) is using Remmina, but I need to be able to start it and configure it remotely through ssh.

Whenever I try to start Remmina through ssh it throws an error due to unavailability of X forwarding.




#StackBounty: #ssh #windows-server-2008-r2 #sftp SSH Connection was slow on windows server

Bounty: 50

I try to use OpenSSH to set up SFTP on Windows Server 2008R2.
It can be used but the connection was really slow. It takes around 4+ minutes to make a connection.

By the way, I use local Windows users for authentication with a password.

I also tried to set UseDNS to No and also changed to use only IPv4, but it makes no difference at all.

It’s also slow when I try this “ssh -vvv username@localhost” on the server itself.

From the logs, I found that it takes a long time after the “preauth child monitor started” line.

Does anyone have any idea about this? Thank you very much for your help.

5528 2020-05-22 19:16:25.119 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.119 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.119 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.166 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.197 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.197 debug3: spawning "C:\Program Files\OpenSSH-Win64\sshd.exe" -y
5528 2020-05-22 19:16:25.197 debug2: Network child is on pid 8040
5528 2020-05-22 19:16:25.213 debug3: send_rexec_state: entering fd = 6 config len 602
5528 2020-05-22 19:16:25.213 debug3: ssh_msg_send: type 0
5528 2020-05-22 19:16:25.213 debug3: send_rexec_state: done
5528 2020-05-22 19:16:25.213 debug3: ssh_msg_send: type 0
5528 2020-05-22 19:16:25.213 debug3: ssh_msg_send: type 0
5528 2020-05-22 19:16:25.213 debug3: preauth child monitor started
8040 2020-05-22 19:17:33.590 debug3: recv_idexch_state: entering fd = 3
8040 2020-05-22 19:17:33.590 debug3: ssh_msg_recv entering
8040 2020-05-22 19:17:33.590 debug3: recv_idexch_state: done
8040 2020-05-22 19:17:33.590 debug2: fd 5 setting O_NONBLOCK
5528 2020-05-22 19:17:33.590 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
5528 2020-05-22 19:17:33.590 debug3: send packet: type 20 [preauth]
5528 2020-05-22 19:17:33.590 debug1: SSH2_MSG_KEXINIT sent [preauth]
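
An added example, not part of the original post: a small Python script that locates stalls in an sshd debug log of the format quoted above by measuring the gap between consecutive timestamps. The function names and the 5-second threshold are assumptions made for this example; the sample lines are copied from the log in the question.

```python
import re
from datetime import datetime

# Sample input: a subset of the sshd debug lines quoted in the question.
SAMPLE_LOG = """\
5528 2020-05-22 19:16:25.197 debug2: Network child is on pid 8040
5528 2020-05-22 19:16:25.213 debug3: send_rexec_state: done
5528 2020-05-22 19:16:25.213 debug3: preauth child monitor started
8040 2020-05-22 19:17:33.590 debug3: recv_idexch_state: entering fd = 3
8040 2020-05-22 19:17:33.590 debug2: fd 5 setting O_NONBLOCK
5528 2020-05-22 19:17:33.590 debug1: SSH2_MSG_KEXINIT sent [preauth]
"""

# <pid> <date> <time.millis> <level>: <message>
LINE_RE = re.compile(
    r"^(?P<pid>\d+) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<level>\w+): (?P<msg>.*)$"
)

def parse(log_text):
    """Yield (pid, timestamp, message) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            yield int(m["pid"]), ts, m["msg"]

def find_stalls(log_text, threshold_s=5.0):
    """Return every gap longer than threshold_s between consecutive log lines."""
    stalls = []
    prev = None
    for pid, ts, msg in parse(log_text):
        if prev is not None:
            gap = (ts - prev[1]).total_seconds()
            if gap > threshold_s:
                stalls.append({"seconds": round(gap, 3),
                               "before": (prev[0], prev[2]),
                               "after": (pid, msg)})
        prev = (pid, ts, msg)
    return stalls

if __name__ == "__main__":
    for s in find_stalls(SAMPLE_LOG):
        print(f"{s['seconds']}s stall after pid {s['before'][0]}: "
              f"{s['before'][1]!r}; next line from pid {s['after'][0]}: "
              f"{s['after'][1]!r}")
```

The reported pair shows which process logged last before the stall and which one logged first after it, which narrows down where the time is being spent.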

