morphing topic: RE: paypal scam - tracing link

Bob Kinney bc98kinney at yahoo.com
Tue Oct 31 05:16:35 UTC 2006



--- Rick Stevens <rstevens at vitalstream.com> wrote:

> On Mon, 2006-10-30 at 17:00 -0800, Bob Kinney wrote:
> > 
> > --- Rick Stevens <rstevens at vitalstream.com> wrote:
> > 
> > > On Mon, 2006-10-30 at 15:44 -0800, Bob Kinney wrote:
> > > > 
> > > > --- A.Fadyushin at it-centre.ru wrote:
> > > > 
> > > > > 
> > > > > 6) If you are using SSH you can completely disable SSH password
> > > > > authentication and use keys (protected by password on your local
> > > > > workstation) to log in. In this case it would be impossible to guess
> > > > > your password by attempting to log in to the server via SSH. In this case the
> > > > > server does not use the password for authentication and the key
> > > > > protection password never exists outside your workstation.
> > > > 
> > > > 
> > > > I like this idea--minimum 128-bit "passwords".  Can you point to a 
> > > > how-to link?
> > > 
> > > Simply generate a DSA or RSA key on your local machine:
> > > 
> > > 	$ ssh-keygen [-t dsa]
> > > 
> > > By default, ssh-keygen creates RSA keys.  Then tack the contents of
> > > the ~/.ssh/id_dsa.pub (or id_rsa.pub) file to the end of the
> > > "~/.ssh/authorized_keys" file on the destination machine.
> > > 
> > > You can then turn off password authentication on the target machine and
> > > it'll only use the keys in the authorized_keys file.
> > 
> > 
> > So how would I "carry," and "input," my public key for remote login?
> 
> Put it on a small flash disk.  I carry a little USB 128MB flash disk on
> my keychain ($4.95) that has my DSA key on it.  I use
> 
> 	ssh -i /path/to/flashcard/id_dsa
> 
> to access it.  A typical DSA key looks like:
> 
> ssh-dss
root at nprophead.corp.publichost.com
> (all on one line, of course).  You can also passphrase protect the key
> when you generate it if you wish, and the above command will ask you for
> the passphrase when you try to use it.
> 

Now THAT'S a password.  Thanks, Rick.

--bc
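
The thread's advice to turn off password authentication on the target machine only holds if no other password path stays open, so here is an added example (not part of the original messages) that audits an sshd_config file for it. The sample configs are constructed, the function names are hypothetical, and the defaults used are the OpenSSH upstream ones; the script reads only the global section and ignores Match blocks and Include files.

```shell
#!/bin/sh
# Added example: check that an sshd_config really refuses password logins.
# sshd keeps the FIRST value it reads for a keyword; this sketch reads only the
# global section (stops at the first Match block) and ignores Include files.

# effective_value FILE "key1|key2" DEFAULT -> first configured value, lowercased
effective_value() {
    awk -v keys="$2" -v def="$3" '
        BEGIN { n = split(tolower(keys), k, "|"); val = def }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        { for (i = 1; i <= n; i++) if (tolower($1) == k[i]) { val = tolower($2); exit } }
        END { print val }
    ' "$1"
}

# password_logins_disabled FILE -> 0 only when keys are the sole way in
password_logins_disabled() {
    pw=$(effective_value "$1" "PasswordAuthentication" yes)
    kbd=$(effective_value "$1" "KbdInteractiveAuthentication|ChallengeResponseAuthentication" yes)
    pk=$(effective_value "$1" "PubkeyAuthentication" yes)
    rc=0
    [ "$pw" = no ] || { echo "FAIL: PasswordAuthentication is $pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL: keyboard-interactive is $kbd (PAM may still ask for a password)"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL: PubkeyAuthentication is $pk"; rc=1; }
    return $rc
}

# write_samples DIR -> two constructed configs for the demo
write_samples() {
    printf '%s\n' '# first value wins, so the later "no" has no effect' \
        'PasswordAuthentication yes' 'PasswordAuthentication no' > "$1/weak.conf"
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no' > "$1/hardened.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in weak hardened; do
    if password_logins_disabled "$dir/$f.conf"; then echo "$f: keys only"
    else echo "$f: password login still possible"; fi
done
rm -rf "$dir"
```

On a live server, `sshd -T` prints the effective configuration after Match and Include processing, which is the authoritative check.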


 




More information about the Redhat-install-list mailing list