Berkeley CSUA MOTD:Entry 42892

2006/5/2-5 [Computer/SW/Security] UID:42892 Activity:nil
5/2     Okay, I think I get it now.  If I want password-less login to
        soda, then I need to do the whole generating the public and private
        keys, which requires a passphrase; if I can put up with entering
        my unix password every time in SSH or PuTTY, then I don't need
        to do the whole ssh-keygen stuff.  Is that correct?
        \_ Yes.  But if you go password-less, then if soda is compromised
           again, you won't need to change your unix password.
           \_ why is that?  if soda is compromised then they have access
              to the unix password too.
              \_ Not if you didn't type it in while soda was compromised. -tom
                 \_ Unless it was cracked, which basically depends only on
                    how motivated the attacker is. -gm
                    \_ This is why a couple of soda users choose not to have
                       passwords at all -- they have "*" for their password
                       in /etc/shadow, so ssh keys are the only way they can
                       log in.  For those users, an attacker who gets soda's
                       password file won't have anything to crack.  --mconst
                        \_ how do you put * in /etc/shadow?  I can't even
                           view it?  so if I don't want to use unix password,
                           I need to ssh-keygen on my client server, then copy
                           the generated public key to soda under .ssh/ folder?
                           I should not copy my private key on soda though, right?
                           \_ Unfortunately, it's not possible for you to do
                              this yourself.  If you really want to have no
                              password, mail root and we can remove it for
                              you -- but before you do that, you might want
                              to try just setting your password to something
                              random and not using it for a while.  This will
                              give you a chance to get used to ssh keys and
                              see how you like them, and if anything goes
                              wrong with your ssh keys, you'll be able to log
                              in with your password and fix them.  And yes,
                              your ssh-keygen stuff is exactly right.  You
                              didn't mention this, but when you put the public
                              key on soda, you need to put it in a file named
                              .ssh/authorized_keys.  --mconst
                                \_ thank you very much! this helped a lot in clearing
                                   up my confusion.
        \_ I was told because of the compromise, my ssh private key may be
           stolen as well, but how is that possible?  I thought the ssh
           private key is on the client host, not on the server host (i.e.
           http://csua.berkeley.edu)?
           \_ Some people put their private keys on soda (with a passphrase,
              I would hope). If you did, then both your private key and your
              passphrase may have been stolen. If you didn't store your private
              key on soda, you should be fine. -gm
              \_ they put their private keys on soda, is it because they want
                 to use soda as a client to a different server?
                 \_ Exactly.
              \_ the private key would be under .ssh/ right?
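
Added example, not part of the thread above: a small audit for the situation gm describes, listing any private keys stored in a .ssh directory on a shared host and whether each one is passphrase-protected. The function names, the sample file names and the header-only key stubs are constructed for illustration; the check reads only the key file header, so no real key material is needed.

```python
import base64
import struct
import tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private-key format

def key_protection(text):
    """Return None (not a private key), 'encrypted', 'PLAINTEXT' or 'unknown'."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN ") or "PRIVATE KEY" not in lines[0]:
        return None
    if "OPENSSH" in lines[0]:
        # After the magic comes a length-prefixed cipher name; "none" = no passphrase.
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        except (ValueError, struct.error):
            return "unknown"
        if not blob.startswith(MAGIC):
            return "unknown"
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "PLAINTEXT" if cipher == b"none" else "encrypted"
    # Legacy PEM marks encryption in a Proc-Type header, PKCS#8 in the label itself.
    enc = "ENCRYPTED" in lines[0] or any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines[1:4])
    return "encrypted" if enc else "PLAINTEXT"

def audit_ssh_dir(ssh_dir):
    """List (filename, protection) for every private key stored in ssh_dir."""
    files = [p for p in sorted(Path(ssh_dir).iterdir()) if p.is_file()]
    states = [(p.name, key_protection(p.read_text(errors="replace"))) for p in files]
    return [(name, s) for name, s in states if s]

def _stub(cipher):  # constructed header-only stand-in for a key file, no key material
    body = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLES = {  # constructed files, as they might sit in ~/.ssh on a shared host
    "authorized_keys": "ssh-ed25519 AAAAC3constructed user@laptop\n",
    "id_ed25519": _stub(b"none"),
    "id_ed25519_work": _stub(b"aes256-ctr"),
    "id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00\n\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLES.items():
            (Path(d) / name).write_text(text)
        return audit_ssh_dir(d)
```

Calling audit_ssh_dir on a real ~/.ssh gives the same kind of list; any PLAINTEXT entry on a shared server is a key that is usable as-is by whoever can read the file.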