-----Original Message-----
From: redhat-install-list-bounces redhat com
[mailto:redhat-install-list-
bounces redhat com] On Behalf Of Bob Kinney
Sent: Tuesday, October 31, 2006 8:17 AM
To: Getting started with Red Hat Linux
Subject: Re: morphing topic: RE: paypal scam - tracing link
--- Rick Stevens <rstevens vitalstream com> wrote:
> On Mon, 2006-10-30 at 17:00 -0800, Bob Kinney wrote:
> >
> > --- Rick Stevens <rstevens vitalstream com> wrote:
> >
> > > On Mon, 2006-10-30 at 15:44 -0800, Bob Kinney wrote:
> > > >
> > > > --- A Fadyushin it-centre ru wrote:
> > > >
> > > > >
> > > > > 6) If you are using SSH you can completely disable SSH
password
> > > > > authentication and use keys (protected by password on your
local
> > > > > workstation) to log in. In this case it would be impossible
to
guess
> you
> > > > > password by attempting to login into server via SSH. In this
case the
> > > > > server does not use the password for authentication and the
key
> > > > > protection password newer exists outside your workstation.
> > > >
> > > >
> > > > I like this idea--minimum 128-bit "passwords". Can you point
to a
> > > > how-to link?
> > >
> > > Simply generate a DSA or RSA key on your local machine:
> > >
> > > $ ssh-keygen [-t dsa]
> > >
> > > By default, ssh-keygen creates a RSA keys. Then tack the
contents
of
> > > the ~/.ssh/id_dsa.pub (or id_rsa.pub) file to the end of the
> > > "~./ssh/authorized_keys" file on the destination machine.
> > >
> > > You can then turn off password authentication on the target
machine
and
> > > it'll only use the keys in the authorized_keys file.
> >
> >
> > So how would I "carry," and "input," my public key for remote
login?
>
> Put it on a small flash disk. I carry a little USB 128MB flash disk
on
> my keychain ($4.95) that has my DSA key on it. I use
>
> ssh -i /path/to/flashcard/id_dsa
>
> to access it. A typical DSA key looks like:
>
> ssh-dss
AAAAB3NzaC1kc3MAAACBAPs7QxxxxxxxxW6GPKzm18ITO08NtyuwdtwA+Z7beYeBiyyBCqtl
vY
gPcZztzD4+85vJkhuLKKyL0MfIunsmG/SwyuHh78vJyGAyUpaZCupBtppnfxrSXiCh/uJpHy
GL
T2veS3S5zY5P9e8br4AMBM2SPbmGCuYrCFjt0+t642shAAAAFQCoOMkiuY80x0LR5cgpAt2f
vV
HUYQAAAIB65hFF/7wYXZmCIloYpWDaBNa71FAbWTUy5vDh4OJGjyK7sEg2FfXtiHJZappSgL
F7
5Q18OCaVlhaOjq50OMu6duaFuCSRusY73K+181z3P114FXS3gd4DeVqyNcUGetzFjC+Y7moj
Wy
6AdjbuiX1+hFwgRg4XWsZRl3322yk5JgAAAIBlE8Q/gAOy/6nuBJryUBCcpONvCDZT+2kdy+
Ko
OzKh6uXJkRdJRHENUA26tZcKXX3LxaBagMC4S15MwOH3M90NEEnHx55RfvSTMs9SF/EQcHnf
sD
JUtrhlOeMfmlkq5crhBMEx8BMmTQaZQQ4fjcMaz6F4uXu7evdvHFipx119ag==
root nprophead corp publichost com
> (all on one line, of course). You can also passphrase protect the
key
> when you generate it if you wish, and the above command will ask you
for
> the passphrase when you try to use it.
>
Now THAT'S a password. Thanks, Rick.
--bc
I strongly recommend you to use the passphrase protected key - it will
render the key useless in the hands of someone who obtained it without
your permission (for example, by copying it from you computer or flash
disk left unattended).
Of course, the length of the key should not be 128 bits as mentioned
above. It is recommended to use at least 2048 bits RSA keys or 1024 bits
DSA keys.
Alexey B. Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com
_______________________________________________
Redhat-install-list mailing list
Redhat-install-list redhat com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request redhat com
Subject: unsubscribe