morphing topic: RE: paypal scam - tracing link

A.Fadyushin at it-centre.ru
Tue Oct 31 14:35:53 UTC 2006



> -----Original Message-----
> From: redhat-install-list-bounces at redhat.com [mailto:redhat-install-list-bounces at redhat.com] On Behalf Of Bob Kinney
> Sent: Tuesday, October 31, 2006 8:17 AM
> To: Getting started with Red Hat Linux
> Subject: Re: morphing topic: RE: paypal scam - tracing link
> 
> 
> 
> --- Rick Stevens <rstevens at vitalstream.com> wrote:
> 
> > On Mon, 2006-10-30 at 17:00 -0800, Bob Kinney wrote:
> > >
> > > --- Rick Stevens <rstevens at vitalstream.com> wrote:
> > >
> > > > On Mon, 2006-10-30 at 15:44 -0800, Bob Kinney wrote:
> > > > >
> > > > > --- A.Fadyushin at it-centre.ru wrote:
> > > > >
> > > > > >
> > > > > > 6) If you are using SSH you can completely disable SSH password
> > > > > > authentication and use keys (protected by password on your local
> > > > > > workstation) to log in. In this case it would be impossible to guess
> > > > > > your password by attempting to log in to the server via SSH. In this
> > > > > > case the server does not use the password for authentication and the
> > > > > > key protection password never exists outside your workstation.
> > > > >
> > > > >
> > > > > I like this idea--minimum 128-bit "passwords".  Can you point to a
> > > > > how-to link?
> > > >
> > > > Simply generate a DSA or RSA key on your local machine:
> > > >
> > > > 	$ ssh-keygen [-t dsa]
> > > >
> > > > By default, ssh-keygen creates RSA keys.  Then tack the contents of
> > > > the ~/.ssh/id_dsa.pub (or id_rsa.pub) file to the end of the
> > > > "~/.ssh/authorized_keys" file on the destination machine.
> > > >
> > > > You can then turn off password authentication on the target machine and
> > > > it'll only use the keys in the authorized_keys file.
> > >
> > >
> > > So how would I "carry," and "input," my public key for remote login?
> >
> > Put it on a small flash disk.  I carry a little USB 128MB flash disk on
> > my keychain ($4.95) that has my DSA key on it.  I use
> >
> > 	ssh -i /path/to/flashcard/id_dsa
> >
> > to access it.  A typical DSA key looks like:
> >
> > (all on one line, of course).  You can also passphrase protect the key
> > when you generate it if you wish, and the above command will ask you for
> > the passphrase when you try to use it.
> >
> 
> Now THAT'S a password.  Thanks, Rick.
> 
> --bc

I strongly recommend that you use a passphrase-protected key - it will
render the key useless in the hands of someone who obtained it without
your permission (for example, by copying it from your computer or a flash
disk left unattended).

Of course, the length of the key should not be 128 bits as mentioned
above. It is recommended to use at least 2048-bit RSA keys or 1024-bit
DSA keys.

Alexey B. Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com
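
As an added example (not part of the original message, and not OpenSSH's own code): a Python check that reads authorized_keys-style lines, decodes each ssh-rsa or ssh-dss blob, and compares the key size with the minimums recommended in the message above. The function names and the sample keys are constructed for illustration; the samples have the right structure and size but are not usable keys.

```python
import base64
import struct

# Minimums taken from the message above: 2048-bit RSA, 1024-bit DSA.
MIN_BITS = {"ssh-rsa": 2048, "ssh-dss": 1024}

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def key_bits(line):
    """Return (key type, size in bits) for one authorized_keys or *.pub line."""
    parts = line.split()
    # An options field (e.g. from="...") may precede the key type.
    idx = next((i for i, p in enumerate(parts) if p in MIN_BITS), None)
    if idx is None or idx + 1 >= len(parts):
        raise ValueError("no ssh-rsa/ssh-dss key on this line")
    f = _fields(base64.b64decode(parts[idx + 1]))
    if len(f) < 3 or f[0] != parts[idx].encode():
        raise ValueError("blob does not match declared key type")
    # RSA blob: type, e, n.  DSA blob: type, p, q, g, y.  Size is that of n or p.
    mpint = f[2] if parts[idx] == "ssh-rsa" else f[1]
    return parts[idx], int.from_bytes(mpint, "big").bit_length()

def audit(text):
    """Return (type, bits, meets_minimum) for every key line in the text."""
    out = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            ktype, bits = key_bits(line)
            out.append((ktype, bits, bits >= MIN_BITS[ktype]))
    return out

def sample_line(ktype, bits):
    """Constructed test input: correct structure and size, not a usable key."""
    enc = lambda b: struct.pack(">I", len(b)) + b
    big = (1 << (bits - 1)) | 1
    nums = [65537, big] if ktype == "ssh-rsa" else [big, (1 << 159) | 1, 2, 3]
    blob = enc(ktype.encode()) + b"".join(
        enc(i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in nums)
    return ktype + " " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for row in audit(sample_line("ssh-rsa", 1024) + "\n" + sample_line("ssh-dss", 1024)):
        print(row)
```
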



