Entry 16128 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 16128

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/05/25 [General] UID:1000 Activity:popular

5/25

1999/7/14-16 [Computer/SW/Unix] UID:16128 Activity:nil

7/14    So it's almost 7/15. What's the word on S/Key or telnet alternatives?
        \_ man skey is higher-level
        \_ S/Key is supported; see "man keyinit" for what to set up on soda
           and http://msri.org/local/computing/skey for what to set up on
           your local machine.      --mconst

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/05/25 [General] UID:1000 Activity:popular

5/25

You may also be interested in these entries...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil

4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...

2009/7/8-16 [Computer/SW/OS/Linux, Computer/SW/Unix] UID:53124 Activity:nil

7/7     what happened to our web presence? http://www.csua.berkeley.edu
        not working
    \_ That would be because we've yet to set them up afaik. Steven *does* have
    a job after all. The idea is that we want a separate computer mounting the
    web directories, so that if an exploit compromises the webserver, the shell
    server (soda) itself will be insulated from the attack.
	...

2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089

6/28    Hello everyone,
Logins to soda are back open.  The new ssh key is
2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Please allow public key authentication since it is more secure
than plain password. Also if you see this posting, it means
anybody could have posted the annoucement.  Because  the
	...

2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083

6/29    Please allow public key authentication since it is more
        secure than plain password.  If you see this posting, it
        means anybody could have posted the annoucement.  Because
        the official csua web site is still down., this makes it a
        little suspicious to the truly paranoid.
        p.s.  this web entry format is counter intuitive.  And how come
	...

2009/4/22-28 [Computer/SW/Security] UID:52894 Activity:nil

4/22    ok, here's a little networking puzzler. I haven't been able to access
        youtube for a couple weeks. Couldn't figure out why. Happened on all
        browsers. traceroute did weird stuff and then timed out. Finally I
        got so frustrated I setup firefox to ssh tunnel through soda.csua,
        which worked great. Then, I kill the ssh proc, quit FF, and now,
        I can access youtube just fine from any browser. wtf? any
	...

2009/2/10-13 [Computer/SW/Security, Computer/SW/Unix] UID:52552 Activity:nil

2/10    I have an sh file that does a mount.. the mount does an
        authentication. I previosly stored the username and password
        from zenity prompts. However, I can't get a return on the password
        field. The following only works on the username:
        mount -t davfs "http://blahblah.com/BLahUser11" /mountdir << EOF
        ${username}
	...

2009/1/15-23 [Computer/SW/Languages/Java, Computer/SW/Security] UID:52394 Activity:nil

1/15    http://cwe.mitre.org/top25
        2009 CWE/SANS Top 25 Most Dangerous Programming Errors
        \_ "Avoid inconsistent messaging that might accidentally tip off
           an attacker about internal state, such as whether a username
           is valid or not."  Really?  Fuck you buddy.  I don't always
           remember what my goddamn username was on your stupid fucking
	...

2009/1/5-8 [Computer/SW/Unix] UID:52313 Activity:kinda low

1/3     no hurry but do you know of:
        $ chsh
        Password:
        Enter the new value, or press return for the default
         Login Shell [/usr/local/bin/bash]: /bin/zsh
        failed: Insufficient access
	...

Cache (2529 bytes)

msri.org/local/computing/skey -> msri.org/local/computing/skey/MacOS 10 DOS 11 NeXT 12 Windows95 13 OS/2 14 Windows After downloading the executable, place it in a directory that is in your path. With Unix, be sure that the executable permission bits are set. The Macintosh executable is in binhex format, so simply drag the icon on top of the stuffit icon to decompress into a clickable Mac application. The one time password that the client generates will be a short poem, for example: YAWL SULK SOUR COVE SILO NECK The server will check this and then, if appropriate, let you in. Note that the client will always generate a one time password, even with incorrect input. If you try unsuccessfully to authenticate yourself 5 times within 3 minutes, the authentication server will temporarily disable your account. You supply that, the proxy is completed, and you are ready to proceed just as though you had originally telnet-ed or ftp-ed directly to woody. When woody responds, you simply supply your username and ordinary MSRI password and the session proceeds transparently through the firewall. There are more detailed instruction the appropriate sections of in the MSRI Computer Handbook for 18 telnet and 19 ftp, respectively. The Theory Behind s/key s/key is a one-time password system. It secures your system by making playback attacks against user passwords computationally infeasible. When you are challenged for a password by s/key, it provides you with a sequence number, n, and a seed. You enter the sequence number and seed into your s/key response calculator and also enter a secret pass phrase. This secret pass phrase should not be typed over an insecure channel. If you restrict yourself to typing the secret pass phrase only on your local machine which has not been compromised by hackers, the secret pass phrase should remain secure. The s/key calculator combines the secret pass phrase with the key and MD4 hashes it n times according to the sequence number. It then provides you with an encoded version of the resulting number which you should then type in as a response to the original challenge. The challenging system then MD4 hashes your response and compares the result with the last password you provided. Vulnerabilities If someone can capture your secure password, they can then generate any password they need. They could do this by compromising the system you use to compute the response. If MD4 is ever broken (it's supposed to be a one-way hash) they could capture a response and generate the next response by finding something that hashes to the same value.