Berkeley CSUA MOTD:Entry 42878

2006/5/1-4 [Computer/SW/Security] UID:42878 Activity:nil
5/1     Where can I find step by step instructions to change my ssh pass?
        How do I change my login password?  Sorry I haven't been on unix
        for too long.
        \_ What do you mean?  You mean your login password?  Run passwd.
           You mean the password used to decrypt your private key?  If you
           stored a private key on soda, shouldn't you assume that's been
           compromised too and generate a new private/public key pair?
           \_ yes the compromised passphrase to decrypt the key.  Please
              how do you remember the steps to regenerate a new private/pub
              key?  All I remember there were some very tricky steps to generate
              the key.  Like I either 1) have to use the keyboard that is on
              the server; or 2) use the java interface to generate the key
              Now I can't find the procedures on csua website....
              \_ You seem to be confusing ssh keys with the ridiculously
                 paranoid (and not altogether useful) "advice" on securing
                 your pgp/gpg key.  Try "man ssh-keygen"
        \_ Passphrase you mean?
        \_ Would this help? http://www.csua.berkeley.edu/ssh-howto.html
        \_ http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html

Cache (4949 bytes)
www.csua.berkeley.edu/ssh-howto.html
It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, and rcp. SSH protects the user from illicit network snooping ("packet sniffing"), whereby unencrypted passwords and text can be read by unscrupulous persons. SSH is most useful for logging into a UNIX computer from a Windows or Mac computer or from another UNIX computer, where the traditional 'telnet' and 'rlogin' programs would not provide password and session encryption; SSH serves a purpose that is similar to Kerberos, but it works consistently amongst different operating systems and is easier to administer (no ticket-server is required, sysadmin privileges are not required to set it up).

SSH Public and Private KEYS:
---------------------------
When you first use ssh, it asks you to invent an "RSA identity passphrase". The "identity" file should not be readable by anyone but you. On Windows, they are typically located in your top-level home directory folder.

Using SSH on UNIX
-----------------
SSH and related programs are available on all CSUA systems in the /usr/local/bin directory. That password will be safely encrypted before it goes across the net to soda, and so will everything else you type once you are logged into soda. You can generate a public key (sort of like a Kerberos ticket) that will let you login to UNIX accounts without typing your SSH password each time. When you first login to your local workstation, run "ssh-agent" and give it your passphrase. There are also free implementations of SSH for Windows available;

To use F-Secure SSH for Windows:
1) Start the F-Secure program (click on icon, select from menu or etc).
Enter the computer name, login name and password here and press "OK". Select "Properties" from the "Edit" menu and use "browse" to find these files under your home directory folder. The files are created the first time you use F-Secure in that particular account.

MACINTOSH:
- MacSSH is a modified version of BetterTelnet with SSH2 support.

Features
--------
SSH has a number of excellent security features beyond the basic encryption of your password and login session as they pass over the net. SSH can provide a stronger encryption algorithm ("RSA") and it can allow X11 and other network protocols to securely "tunnel" through your encrypted SSH session as they pass over the net.

SSH commands include:

sshd    Server program run on the server machine. This listens for connections from client machines, and whenever it receives a connection, it performs authentication and starts serving the client.

For more information, see the manual pages ssh, sshd, scp, ssh-keygen, ssh-agent, ssh-add, and make-ssh-known-hosts.

It will fall back to standard rlogin/rsh when the remote host does not support SSH, and yet when the remote host *does* support rlogin/rsh, the differences between an SSH and an rsh connection are almost completely invisible to the user;

In this system, you start an authentication broker called the 'ssh-agent' which responds to remote hosts' requests to authenticate you, and you authenticate yourself *once* to the ssh-agent at the beginning of your session on the workstation. Further authentications, as required, are directed to your ssh-agent, obviating the need for you to type your password at the start of each new network connection.

How to Set Up SSH-Agent
-----------------------
When you first use ssh-agent anywhere on the network, you will need to generate your SSH key pair. You can do this by typing 'ssh-keygen' to the shell prompt. Your workstation will grind for a bit and then ask you where to save the key;

The security of your passphrase is of the utmost importance, because in order for ssh-agent to be of much use, your passphrase must serve to authenticate you to any machine you wish to use. This basically means that your SSH passphrase is a password that works on all the accounts of all the machines you use. Obviously, therefore, if someone figures out your SSH passphrase, they have access to all the machines you use;

Therefore, you should take care never to type your SSH passphrase over an unencrypted network stream. If you do have insecure connections, don't enter your passphrase. Just hit return, and you can enter your UNIX password instead, or you can hit return again, log out of the insecure network connection, and try again from a secure host.

Enabling Secure Remote Access Without Passwords
-----------------------------------------------
As noted above, SSH RSA authentication relies on a broker known as the ssh-agent. This does not depend on your shell, and is a command of the form "ssh-add". However, in order for ssh-add to realize that it ought to bring up an X window to authenticate you, you have to redirect its standard input to /dev/null;

Originally written 9/98 and revised 10/98 by the EECS Instructional & Electronics Support Group for the Instructional UNIX machines;
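
The key replacement that the thread and the howto above point at (run ssh-keygen, keep the "identity" file unreadable to others), written out as an added example that is not taken from the CSUA pages. The function names and file paths are hypothetical, and the ed25519 key type and an installed OpenSSH ssh-keygen are assumptions.

```sh
#!/bin/sh
# Added example (not from the CSUA howto): replace an SSH key pair whose
# private key or passphrase may have been exposed. Function names and file
# paths are hypothetical; assumes OpenSSH's ssh-keygen with ed25519 support.

# new_keypair KEYFILE [PASSPHRASE]
# Writes KEYFILE and KEYFILE.pub. Without PASSPHRASE, ssh-keygen prompts for
# it, which keeps the passphrase out of the process list and shell history.
new_keypair() (
    umask 077                       # nothing created here is group/world readable
    mkdir -p "$(dirname "$1")"
    if [ $# -ge 2 ]; then
        ssh-keygen -q -t ed25519 -f "$1" -N "$2" -C "rotated-$(date +%Y%m%d)"
    else
        ssh-keygen -q -t ed25519 -f "$1" -C "rotated-$(date +%Y%m%d)"
    fi
)

# key_is_private FILE: true when group and others have no permission bits,
# i.e. the "identity" file is readable by nobody but its owner.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# has_empty_passphrase KEYFILE: true when the key decrypts with no passphrase.
has_empty_passphrase() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# swap_authorized_key AUTH_FILE OLD_PUB NEW_PUB
# Drops every authorized_keys line carrying the old key and appends the new
# one, so the exposed key stops being accepted on that account.
swap_authorized_key() (
    old_blob=$(awk '{print $2; exit}' "$2")    # base64 body; comment ignored
    [ -n "$old_blob" ] || exit 1               # never match on an empty string
    umask 077
    tmp=$(mktemp "$1.XXXXXX") || exit 1
    grep -vF -- "$old_blob" "$1" > "$tmp" || true   # grep exits 1 if nothing is left
    cat "$3" >> "$tmp" && mv "$tmp" "$1"
)

# Typical use on the client, then on each server account:
#   new_keypair "$HOME/.ssh/id_ed25519_new"     # prompts for a new passphrase
#   swap_authorized_key ~/.ssh/authorized_keys old.pub id_ed25519_new.pub
# A key that was never exposed only needs: ssh-keygen -p -f KEYFILE
```

Once the new key is in place, `ssh-add` loads it into a running ssh-agent so the passphrase is typed once per session.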
Cache (272 bytes)
www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html
SSH Without a Password

The following steps can be used to ssh from one system to another without specifying a password.

Notes:
* The system from which the ssh session is started via the ssh command is the client. The system to which the ssh session connects is the server.