morphing topic: RE: paypal scam - tracing link
Bob Kinney
bc98kinney at yahoo.com
Tue Oct 31 05:16:35 UTC 2006
--- Rick Stevens <rstevens at vitalstream.com> wrote:
> On Mon, 2006-10-30 at 17:00 -0800, Bob Kinney wrote:
> >
> > --- Rick Stevens <rstevens at vitalstream.com> wrote:
> >
> > > On Mon, 2006-10-30 at 15:44 -0800, Bob Kinney wrote:
> > > >
> > > > --- A.Fadyushin at it-centre.ru wrote:
> > > >
> > > > >
> > > > > 6) If you are using SSH you can completely disable SSH password
> > > > > authentication and use keys (protected by password on your local
> > > > > workstation) to log in. In this case it would be impossible to guess
> you
> > > > > password by attempting to login into server via SSH. In this case the
> > > > > server does not use the password for authentication and the key
> > > > > protection password newer exists outside your workstation.
> > > >
> > > >
> > > > I like this idea--minimum 128-bit "passwords". Can you point to a
> > > > how-to link?
> > >
> > > Simply generate a DSA or RSA key on your local machine:
> > >
> > > $ ssh-keygen [-t dsa]
> > >
> > > By default, ssh-keygen creates a RSA keys. Then tack the contents of
> > > the ~/.ssh/id_dsa.pub (or id_rsa.pub) file to the end of the
> > > "~./ssh/authorized_keys" file on the destination machine.
> > >
> > > You can then turn off password authentication on the target machine and
> > > it'll only use the keys in the authorized_keys file.
> >
> >
> > So how would I "carry," and "input," my public key for remote login?
>
> Put it on a small flash disk. I carry a little USB 128MB flash disk on
> my keychain ($4.95) that has my DSA key on it. I use
>
> ssh -i /path/to/flashcard/id_dsa
>
> to access it. A typical DSA key looks like:
>
> ssh-dss
AAAAB3NzaC1kc3MAAACBAPs7QxxxxxxxxW6GPKzm18ITO08NtyuwdtwA+Z7beYeBiyyBCqtlvYgPcZztzD4+85vJkhuLKKyL0MfIunsmG/SwyuHh78vJyGAyUpaZCupBtppnfxrSXiCh/uJpHyGLT2veS3S5zY5P9e8br4AMBM2SPbmGCuYrCFjt0+t642shAAAAFQCoOMkiuY80x0LR5cgpAt2fvVHUYQAAAIB65hFF/7wYXZmCIloYpWDaBNa71FAbWTUy5vDh4OJGjyK7sEg2FfXtiHJZappSgLF75Q18OCaVlhaOjq50OMu6duaFuCSRusY73K+181z3P114FXS3gd4DeVqyNcUGetzFjC+Y7mojWy6AdjbuiX1+hFwgRg4XWsZRl3322yk5JgAAAIBlE8Q/gAOy/6nuBJryUBCcpONvCDZT+2kdy+KoOzKh6uXJkRdJRHENUA26tZcKXX3LxaBagMC4S15MwOH3M90NEEnHx55RfvSTMs9SF/EQcHnfsDJUtrhlOeMfmlkq5crhBMEx8BMmTQaZQQ4fjcMaz6F4uXu7evdvHFipx119ag==
root at nprophead.corp.publichost.com
> (all on one line, of course). You can also passphrase protect the key
> when you generate it if you wish, and the above command will ask you for
> the passphrase when you try to use it.
>
Now THAT'S a password. Thanks, Rick.
--bc
____________________________________________________________________________________
Want to start your own business? Learn how on Yahoo! Small Business
(http://smallbusiness.yahoo.com)
More information about the Redhat-install-list
mailing list