Berkeley CSUA MOTD:Entry 48667
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2024/12/25 [General] UID:1000 Activity:popular
12/25   

2007/11/20-26 [Computer/SW/Security] UID:48667 Activity:nil
11/20   Okay, password login failed for me again.  How do I set up my soda acct
        so that I can login using SSL public key?
        \_ One tutorial here: http://www.modwest.com/help/kb20-90.html
           \_ I can't get it working from that.  Either putty won't load the
              key generated on soda, or soda rejects my key generated from
              putty.  Has anyone done this with putty on windows?
              \_ You need to import the key you got from soda, into
                 Puttygen on the windows side, then use the resulting key.
                 \_ Excellent, that did it.  Thanks very much. -op
           \_ Condensed into step-by-step here: /tmp/publickey_putty_instruct
              Please feel free to correct/distribute. --erikred
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2024/12/25 [General] UID:1000 Activity:popular
12/25   

You may also be interested in these entries...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/9/24-11/7 [Computer/SW/Languages, Computer/SW/Unix] UID:54484 Activity:nil
9/24    How come changing my shell using ldapmodify (chsh doesn't work) doesn't
        work either? ldapsearch and getent show the new shell but I still get
        the old shell on login.
        \_ Scratch that, it magically took my new shell now. WTF?
           \_ probably nscd(8)
	...
2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil
7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
	...
2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil
4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...
2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil
5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...
2009/10/1-21 [Computer/SW/WWW/Browsers] UID:53417 Activity:moderate
10/1    I am thinking of installing firefox on soda under my home directory.
        Will this make me a hozer?
        \_ Possibly. I wonder if we should have another VM for that...btw,
           I remember someone saying they're glad we're not on FreeBSD
           anymore, but last I checked, a bunch of our stuff is on FreeBSD,
           but our login server is not.
	...
2009/7/12-24 [Computer/SW/Security] UID:53132 Activity:nil
7/9     Ok I'm learning how to do this fancy ssh-keygen thing so that I
        don't have to keep typing passwords inbetween logging into machines.
        What's an ideal size for the number of bits in dsa? 1024 is default,
        but would 2048 enhance it even more? What do you guys use?
        \_ I'm paranoid.  I use 4096.  Go for at least 2048, I'd say...
        \_ If you want to be secure make sure your keys have passphrases, and make
	...
2009/7/8-16 [Computer/SW/OS/Linux, Computer/SW/Unix] UID:53124 Activity:nil
7/7     what happened to our web presence? http://www.csua.berkeley.edu
        not working
    \_ That would be because we've yet to set them up afaik. Steven *does* have
    a job after all. The idea is that we want a separate computer mounting the
    web directories, so that if an exploit compromises the webserver, the shell
    server (soda) itself will be insulated from the attack.
	...
2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089
6/28    Hello everyone,
Logins to soda are back open.  The new ssh key is
2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Please allow public key authentication since it is more secure
than plain password. Also if you see this posting, it means
anybody could have posted the annoucement.  Because  the
	...
2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083
6/29    Please allow public key authentication since it is more
        secure than plain password.  If you see this posting, it
        means anybody could have posted the annoucement.  Because
        the official csua web site is still down., this makes it a
        little suspicious to the truly paranoid.
        p.s.  this web entry format is counter intuitive.  And how come
	...
Cache (3159 bytes)
www.modwest.com/help/kb20-90.html
Browse How do I get ssh to authenticate me via public/private keypairs instead of by password? Use ssh-keygen on your local system to generate public and private keys. If your local system runs Windows, you can use Cygwin's ssh-keygen program. There are two types of keys that can be created using ssh-keygen, DSA and RSA. Because the construction of DSA was private in nature and RSA was not, many feel that RSA is a more secure standard because of the public scrutiny in the creation of it. It is important to hit ENTER twice when prompted for passphrase for the keys, so that no passphrase is generated (this is required for WinCVS users). To create an RSA key use: ssh-keygen To create a DSA key use: ssh-keygen -t dsa The steps listed below are used to create a DSA key. pub) and the file stored on the remote server (authorized_keys2 for DSA and authorized_keys for RSA keys). Here is a sample screencopy of what generating keys looks like: $ ssh-keygen -t dsa Generating public/private dsa key pair. ssh directory on the remote system here, renaming the file authorized_keys2 (or authorized_keys for rsa). You can copy it in various ways, such as screencopying the contents of the file on your local system and editting a new file on the remote system, pasting and saving. Or you could ftp the file to the remote system and then rename it. ssh/authorized_keys2 At this point you should be able to login to the remote system via ssh without being prompted for a password. add a note 29-Aug-2002 15:16 Generating keys using PuTTY didn't seem to work. Generating them with Cygwin's ssh-keygen instead worked fine. The key should have no passphrase, otherwise you'll still be prompted for a password. com 24-Sep-2002 21:01 It is possible to use keys with passwords (without having to input the password every time), if you are ssh'ing from a linux/unix box. com 30-Apr-2003 15:11 I failed with PuTTY but succeeded with CygWin. com 30-Apr-2003 18:33 CygWin is a Unix emulator for Windows. I successfully used it to connect via ssh after more user-friendly alternatives didn't work for me. ssh/authorized_keys2 (as recommended elsewhere on these support pages). I also ran CygWin setup to tell it where I was keeping my private key. com 28-Jan-2005 14:25 For the time being, CVS only users cannot use authenticated key pairs to login. Each person follows the first part of this FAQ to generate a public and private key pair (if they don't have one already). ssh/authorized_keys2" by following the 2nd half of the instructions in this FAQ. pub file from their local computer and paste it on a new line into the authorized_keys2 file that is on the server. Each line of the authorized_keys2 file on the server will be very long and look similar to: ssh-dss AKJHSHS/verylongline== some-user@local-hostname Each line in the authorized_keys2 file on the server corresponds to a user who can get into the account from a remote host. The remote user's remote username and remote hostname are printed at the end of each line. If you have 10 users that can get into the account, the file will have 10 lines in it, each one filled with an individual's public key info.