morphing topic: RE: paypal scam - tracing link

Rick Stevens rstevens at vitalstream.com
Tue Oct 31 01:12:07 UTC 2006 

On Mon, 2006-10-30 at 17:00 -0800, Bob Kinney wrote:
> 
> --- Rick Stevens <rstevens at vitalstream.com> wrote:
> 
> > On Mon, 2006-10-30 at 15:44 -0800, Bob Kinney wrote:
> > > 
> > > --- A.Fadyushin at it-centre.ru wrote:
> > > 
> > > > 
> > > > 6) If you are using SSH you can completely disable SSH password
> > > > authentication and use keys (protected by password on your local
> > > > workstation) to log in. In this case it would be impossible to guess you
> > > > password by attempting to login into server via SSH. In this case the
> > > > server does not use the password for authentication and the key
> > > > protection password newer exists outside your workstation.
> > > 
> > > 
> > > I like this idea--minimum 128-bit "passwords".  Can you point to a 
> > > how-to link?
> > 
> > Simply generate a DSA or RSA key on your local machine:
> > 
> > 	$ ssh-keygen [-t dsa]
> > 
> > By default, ssh-keygen creates a RSA keys.  Then tack the contents of
> > the ~/.ssh/id_dsa.pub (or id_rsa.pub) file to the end of the
> > "~./ssh/authorized_keys" file on the destination machine.
> > 
> > You can then turn off password authentication on the target machine and
> > it'll only use the keys in the authorized_keys file.
> 
> 
> So how would I "carry," and "input," my public key for remote login?

Put it on a small flash disk.  I carry a little USB 128MB flash disk on
my keychain ($4.95) that has my DSA key on it.  I use

	ssh -i /path/to/flashcard/id_dsa

to access it.  A typical DSA key looks like:

ssh-dss AAAAB3NzaC1kc3MAAACBAPs7QxxxxxxxxW6GPKzm18ITO08NtyuwdtwA
+Z7beYeBiyyBCqtlvYgPcZztzD4
+85vJkhuLKKyL0MfIunsmG/SwyuHh78vJyGAyUpaZCupBtppnfxrSXiCh/uJpHyGLT2veS3S5zY5P9e8br4AMBM2SPbmGCuYrCFjt0+t642shAAAAFQCoOMkiuY80x0LR5cgpAt2fvVHUYQAAAIB65hFF/7wYXZmCIloYpWDaBNa71FAbWTUy5vDh4OJGjyK7sEg2FfXtiHJZappSgLF75Q18OCaVlhaOjq50OMu6duaFuCSRusY73K+181z3P114FXS3gd4DeVqyNcUGetzFjC+Y7mojWy6AdjbuiX1+hFwgRg4XWsZRl3322yk5JgAAAIBlE8Q/gAOy/6nuBJryUBCcpONvCDZT+2kdy+KoOzKh6uXJkRdJRHENUA26tZcKXX3LxaBagMC4S15MwOH3M90NEEnHx55RfvSTMs9SF/EQcHnfsDJUtrhlOeMfmlkq5crhBMEx8BMmTQaZQQ4fjcMaz6F4uXu7evdvHFipx119ag== root at nprophead.corp.publichost.com

(all on one line, of course).  You can also passphrase protect the key
when you generate it if you wish, and the above command will ask you for
the passphrase when you try to use it.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-      Always remember you're unique, just like everyone else.       -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list