morphing topic: RE: paypal scam - tracing link

Dan Hunter dmhunter at charter.net
Tue Oct 31 14:47:43 UTC 2006


----- Original Message ----- 
From: <A.Fadyushin at it-centre.ru>
To: <redhat-install-list at redhat.com>
Sent: Tuesday, October 31, 2006 8:35 AM
Subject: RE: morphing topic: RE: paypal scam - tracing link


> 
> 
>> -----Original Message-----
>> From: redhat-install-list-bounces at redhat.com [mailto:redhat-install-list-bounces at redhat.com] On Behalf Of Bob Kinney
>> Sent: Tuesday, October 31, 2006 8:17 AM
>> To: Getting started with Red Hat Linux
>> Subject: Re: morphing topic: RE: paypal scam - tracing link
>> 
>> 
>> 
>> --- Rick Stevens <rstevens at vitalstream.com> wrote:
>> 
>> > On Mon, 2006-10-30 at 17:00 -0800, Bob Kinney wrote:
>> > >
>> > > --- Rick Stevens <rstevens at vitalstream.com> wrote:
>> > >
>> > > > On Mon, 2006-10-30 at 15:44 -0800, Bob Kinney wrote:
>> > > > >
>> > > > > --- A.Fadyushin at it-centre.ru wrote:
>> > > > >
>> > > > > >
>> > > > > > 6) If you are using SSH you can completely disable SSH password
>> > > > > > authentication and use keys (protected by password on your local
>> > > > > > workstation) to log in. In this case it would be impossible to
>> > > > > > guess your password by attempting to login into server via SSH.
>> > > > > > In this case the server does not use the password for
>> > > > > > authentication and the key protection password never exists
>> > > > > > outside your workstation.
>> > > > >
>> > > > >
>> > > > > I like this idea--minimum 128-bit "passwords".  Can you point to a
>> > > > > how-to link?
>> > > >
>> > > > Simply generate a DSA or RSA key on your local machine:
>> > > >
>> > > > $ ssh-keygen [-t dsa]
>> > > >
>> > > > By default, ssh-keygen creates an RSA key.  Then tack the contents of
>> > > > the ~/.ssh/id_dsa.pub (or id_rsa.pub) file to the end of the
>> > > > "~/.ssh/authorized_keys" file on the destination machine.
>> > > >
>> > > > You can then turn off password authentication on the target machine
>> > > > and it'll only use the keys in the authorized_keys file.
>> > >
>> > >
>> > > So how would I "carry," and "input," my public key for remote login?
>> >
>> > Put it on a small flash disk.  I carry a little USB 128MB flash disk on
>> > my keychain ($4.95) that has my DSA key on it.  I use
>> >
>> > ssh -i /path/to/flashcard/id_dsa
>> >
>> > to access it.  A typical DSA key looks like:
>> >
>> > (all on one line, of course).  You can also passphrase protect the key
>> > when you generate it if you wish, and the above command will ask you for
>> > the passphrase when you try to use it.
>> >
>> 
>> Now THAT'S a password.  Thanks, Rick.
>> 
>> --bc
> 
> I strongly recommend you to use the passphrase protected key - it will
> render the key useless in the hands of someone who obtained it without
> your permission (for example, by copying it from your computer or flash
> disk left unattended).
> 
> Of course, the length of the key should not be 128 bits as mentioned
> above. It is recommended to use at least 2048 bits RSA keys or 1024 bits
> DSA keys.
> 
> Alexey B. Fadyushin
> Brainbench MVP for Linux
> http://www.brainbench.com
> 

So if the flash disk is stolen, it is useless to the other person.
What position does this leave the owner in?
Can they still get into these systems?
If so how?
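
A check for the "turn off password authentication" step discussed in the quoted thread, as an added example that is not part of the original messages: it reads an sshd_config the way sshd does (the first value per keyword wins, and the global section ends at the first Match line) and reports whether password or keyboard-interactive login is still allowed. The function names and sample configs are constructed for illustration, and the parser assumes whitespace-separated, unquoted `Keyword value` lines.

```shell
#!/bin/sh
# sshd uses the FIRST value it reads for each keyword, and keywords are
# case-insensitive, so a later "PasswordAuthentication no" does not
# override an earlier "yes".

# Print the effective global value. $1=file $2=keyword aliases $3=default
sshd_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { n = split(tolower(want), w, " ")
                for (i = 1; i <= n; i++) alias[w[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        (tolower($1) in alias) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Succeed only if neither password nor keyboard-interactive login is allowed.
# Both default to "yes" when the file does not set them.
password_login_disabled() {
    pw=$(sshd_value "$1" "PasswordAuthentication" yes)
    kbd=$(sshd_value "$1" \
        "KbdInteractiveAuthentication ChallengeResponseAuthentication" yes)
    [ "$pw" = "no" ] && [ "$kbd" = "no" ]
}

# Constructed sample configs (assumptions for this example).
tmp=$(mktemp -d)
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$tmp/good"
# Looks hardened, but the earlier "yes" wins.
printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
    'PasswordAuthentication no' > "$tmp/bad"
# The only "no" is inside a Match block, so the global default applies.
printf '%s\n' 'KbdInteractiveAuthentication no' 'Match User backup' \
    '    PasswordAuthentication no' > "$tmp/matchonly"

for f in good bad matchonly; do
    if password_login_disabled "$tmp/$f"; then
        echo "$f: password login disabled"
    else
        echo "$f: password login still possible"
    fi
done
```

Point the function at the server's real sshd_config before relying on key-only login; a file that fails the check still accepts guessed passwords.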
