Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

2024-03-30 Thread Andy Smith
Hi, On Sat, Mar 30, 2024 at 08:57:14PM +, fxkl4...@protonmail.com wrote: > so is this a threat to us normal debian users If you have to ask, i.e. you do not know how to check that your Debian install is secured against extremely well known recent exploits that have been plastered across the e

Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

2024-03-30 Thread Michel Verdier
On 2024-03-30, fxkl4...@protonmail.com wrote: > so is this a threat to us normal debian users > if so how do we fix it Debian stable is not affected, Debian testing, unstable and experimental must be updated. https://lists.debian.org/debian-security-announce/2024/msg00057.html

Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

2024-03-30 Thread fxkl47BF
alton wrote: >> >> Seems relevant since Debian adopted xz about 10 years ago. >> >> -- Forwarded message - >> From: Andres Freund >> Date: Fri, Mar 29, 2024 at 12:10 PM >> Subject: [oss-security] backdoor in upstream xz/liblzma leading to s

Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

2024-03-30 Thread Jeffrey Walton
eund > Date: Fri, Mar 29, 2024 at 12:10 PM > Subject: [oss-security] backdoor in upstream xz/liblzma leading to ssh > server compromise > To: > > Hi, > > After observing a few odd symptoms around liblzma (part of the xz package) on > Debian sid installations over the l

Re: Fwd: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

2024-03-29 Thread Andy Smith
Hello, On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote: > Seems relevant since Debian adopted xz about 10 years ago. Though we do not know how or why this developer has come to recently put apparent exploits in it, so we can't yet draw much of a conclusion beyond "sometimes people

Re: Fwd: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

2024-03-29 Thread Roberto C . Sánchez
On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote: > Seems relevant since Debian adopted xz about 10 years ago. > Also note that this has been addressed in Debian: https://lists.debian.org/debian-security-announce/2024/msg00057.html Provided here for the benefit of those who are not sub

Re: Offline install from CD - not allowed to install SSH server

2020-03-05 Thread Kenneth Parker
On Thu, Mar 5, 2020 at 7:46 AM Richard Hector wrote: > On 5/03/20 12:10 pm, Keith Bainbridge wrote: > > On 5/3/20 8:37 am, Richard Hector wrote: > >> I am installing it from > >> debian-10.3.0-amd64-xfce-CD-1.iso. > > No I didn't. The OP (Cichas) did. > > > Is this CD #1 of the set of 3 or 4 or m

Re: Offline install from CD - not allowed to install SSH server

2020-03-05 Thread Richard Hector
On 5/03/20 12:10 pm, Keith Bainbridge wrote: > On 5/3/20 8:37 am, Richard Hector wrote: >> I am installing it from >> debian-10.3.0-amd64-xfce-CD-1.iso. No I didn't. The OP (Cichas) did. > Is this CD #1 of the set of 3 or 4 or more? The .deb you are looking for > may be on one of the other CDs.

Re: Offline install from CD - not allowed to install SSH server

2020-03-05 Thread Andrei POPESCU
On Mi, 04 mar 20, 18:00:12, john doe wrote: > On 3/4/2020 4:32 PM, Cichas wrote: > > I have checked the ISO image and SSH server should be on it > > (/pool/main/o/openssh/openssh-server_7.9p1-10+deb > > 10u2_amd64.deb) so that's also not reason why it is not offered t

Re: Offline install from CD - not allowed to install SSH server

2020-03-05 Thread Andrei POPESCU
from debian-10.3.0- > amd64-xfce-CD-1.iso. As it is in remote location with problematic Internet > access I wanted to do offline install. After several attempts I figured out > that it is not possible to install SSH server from "Install" menu (text > mode) if I will do it as offlin

Re: Offline install from CD - not allowed to install SSH server

2020-03-04 Thread 0...@caiway.net
On Wed, 04 Mar 2020 16:32:42 +0100 (CET) Cichas wrote: > > Hello guys, > > sorry if this is documented somewhere but today I decided to ask here > as it is something fundamental I cannot understand. After 20 years I > decided to try Debian again (as VM for start). I am installing it > from debi

Re: Offline install from CD - not allowed to install SSH server

2020-03-04 Thread Keith Bainbridge
On 5/3/20 8:37 am, Richard Hector wrote: I am installing it from debian-10.3.0-amd64-xfce-CD-1.iso. Is this CD #1 of the set of 3 or 4 or more? The .deb you are looking for may be on one of the other CDs. I agree with the suggestion to try the DVD. Seems the 'netinstall' is the opposite

Re: Offline install from CD - not allowed to install SSH server

2020-03-04 Thread Richard Hector
amd64-xfce-CD-1.iso. As it is in remote location with > problematic Internet access I wanted to do offline install. After > several attempts I figured out that it is not possible to install SSH > server from "Install" menu (text mode) if I will do it as offline > install without a

Re: Offline install from CD - not allowed to install SSH server

2020-03-04 Thread john doe
.3.0- > amd64-xfce-CD-1.iso. As it is in remote location with problematic Internet This is a cd where I would try a DVD. > access I wanted to do offline install. After several attempts I figured out > that it is not possible to install SSH server from "Install" menu (text >

Offline install from CD - not allowed to install SSH server

2020-03-04 Thread Cichas
problematic Internet access I wanted to do offline install. After several attempts I figured out that it is not possible to install SSH server from "Install" menu (text mode) if I will do it as offline install without allowing to use mirror. Which makes no sense. If I have Internet access

Re: checking ssh server is running

2019-10-07 Thread Greg Wooledge
On Mon, Oct 07, 2019 at 04:00:43PM +0100, mick crane wrote: > Are all [systemd] services daemons ? No. Systemd services have "types". Some of these types (simple, forking) can reasonably be called daemons, because they run a program, or suite of programs, which is expected to stick around for a

Re: checking ssh server is running

2019-10-07 Thread mick crane
On 2019-10-07 14:28, Greg Wooledge wrote: On Sat, Oct 05, 2019 at 08:42:51PM +0100, mick crane wrote: after checking through /etc/ssh/sshd_config on the server basic use is systemctl start sshd.service systemctl stop sshd.service systemctl restart sshd.service systemctl enable sshd.service ( sho

Re: checking ssh server is running

2019-10-07 Thread Greg Wooledge
On Sat, Oct 05, 2019 at 08:42:51PM +0100, mick crane wrote: > after checking through /etc/ssh/sshd_config on the server > basic use is > systemctl start sshd.service > systemctl stop sshd.service > systemctl restart sshd.service > systemctl enable sshd.service ( should start sshd at boot ) > system

Re: checking ssh server is running

2019-10-05 Thread tomas
to figure out how to check if ssh is running using > >> systemD which is of course what Debian and Raspbian use. > >> > >> However my search term > >> > >> system d check ssh server is running > > > > If it's the client on the same PC you

Re: checking ssh server is running

2019-10-05 Thread mick crane
On 2019-10-05 20:03, Paul Sutton wrote: On 05/10/2019 17:15, mick crane wrote: On 2019-10-05 17:01, Paul Sutton wrote: Hi I am trying to figure out how to check if ssh is running using systemD which is of course what Debian and Raspbian use. However my search term system d check ssh server

Re: checking ssh server is running

2019-10-05 Thread Paul Sutton
>> >> However my search term >> >> system d check ssh server is running > > If it's the client on the same PC you'd know. if sshd "systemctl > status sshd" or "ps ax | grep ssh" Hi Thanks for this, should be really helpful. To give

Re: checking ssh server is running

2019-10-05 Thread mick crane
On 2019-10-05 17:01, Paul Sutton wrote: Hi I am trying to figure out how to check if ssh is running using systemD which is of course what Debian and Raspbian use. However my search term system d check ssh server is running If it's the client on the same PC you'd know. if sshd

checking ssh server is running

2019-10-05 Thread Paul Sutton
Hi I am trying to figure out how to check if ssh is running using systemD which is of course what Debian and Raspbian use. However my search term system d check ssh server is running Yielded https://cplusprogrammer.wordpress.com/2016/10/17/how

Re: Accessing SSH server over VPN

2018-11-28 Thread Dan Ritter
Piotr Martyniuk wrote: > I have hardware router which allows to configure VPN. I managed to set > it up on my laptop (debian Stretch) in the NetworkManager applet. So > now I can connect from office to outside world using my home router as > a proxy (when I check my IP it shows the IP of my router)

Accessing SSH server over VPN

2018-11-28 Thread Piotr Martyniuk
I have hardware router which allows to configure VPN. I managed to set it up on my laptop (debian Stretch) in the NetworkManager applet. So now I can connect from office to outside world using my home router as a proxy (when I check my IP it shows the IP of my router). I can also connect to one lin

Re: [OT] SSH Server for Android

2014-09-28 Thread softwatt
On 09/28/2014 04:04 PM, Alexis wrote: > softwatt writes: > >> I meant an SSH client. >> I did not know that some non-root apps allow that. Thanks. >> >> However, rooting gives you a fully fledged GNU/Linux terminal, which >> has SSH, Rsync, Busybox, etc. > ConnectBot can also give one a termi

Re: [OT] SSH Server for Android

2014-09-28 Thread Alexis
softwatt writes: > I meant an SSH client. > I did not know that some non-root apps allow that. Thanks. > > However, rooting gives you a fully fledged GNU/Linux terminal, which > has SSH, Rsync, Busybox, etc. ConnectBot can also give one a terminal for the device on which it's running. A no-root

Re: [OT] SSH Server for Android

2014-09-28 Thread softwatt
On 09/28/2014 03:03 PM, Erwan David wrote: > Le 28/09/2014 14:00, softwatt a écrit : >> > This may or may not be relevant: Rooting android makes it possible to >> > use it as an SSH *client*. >> > > You mean server ? Because you have ssh clients for non rooted android... > > I use connectbot, but

Re: [OT] SSH Server for Android

2014-09-28 Thread Erwan David
Le 28/09/2014 14:00, softwatt a écrit : > This may or may not be relevant: Rooting android makes it possible to > use it as an SSH *client*. > You mean server ? Because you have ssh clients for non rooted android... I use connectbot, but there are others

Re: [OT] SSH Server for Android

2014-09-28 Thread softwatt
This may or may not be relevant: Rooting android makes it possible to use it as an SSH *client*.

Re: [OT] SSH Server for Android

2014-09-26 Thread tv.deb...@googlemail.com
On 26/09/2014 16:24, Vincent Lefevre wrote: On 2014-09-22 18:05:00 +, Eduardo M KALINOWSKI wrote: I've used this one (mostly for copying files): https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid The last time I tried SSHDroid, it automatically started a server w

Re: [OT] SSH Server for Android

2014-09-26 Thread Vincent Lefevre
On 2014-09-22 18:05:00 +, Eduardo M KALINOWSKI wrote: > I've used this one (mostly for copying files): > https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid The last time I tried SSHDroid, it automatically started a server with the default root password "admin"! So, a

Re: [OT] SSH Server for Android

2014-09-23 Thread Andre N Batista
> partially). Probably you'll need a rooted phone. > > Depending on what is needed, to move files and such between my phone and > the computer, AirDroid has worked very well for me. > Sometime ago I found it suitable running Dropbear SSH Server: https://matt.ucc.asn.au/dro

Re: [OT] SSH Server for Android

2014-09-23 Thread Danilo Sampaio
android > > phone from PC. I'm looking for a opensource project, because i'll > probably > > make customizations. > > Terminal IDE does have an ssh server. But it doesn't get you control > over the entire device > > Well, if you want something more

Re: [OT] SSH Server for Android

2014-09-23 Thread Joel Rees
On Tue, Sep 23, 2014 at 9:13 PM, Danilo Sampaio wrote: > Hi Joel, > > Terminal IDE is not exactly what i'm looking for. I need control my android > phone from PC. I'm looking for a opensource project, because i'll probably > make customizations. Terminal IDE d

Re: [OT] SSH Server for Android

2014-09-23 Thread Danilo Sampaio
: > > > > Hi guys, > > > > I know this topic is somewhat out of debian context, but someone knows a > opensource project like a SSH Server for Android, with X11 Session Forward > Support? > > > > Thanks. > > Not exactly what you're looking for,

Re: [OT] SSH Server for Android

2014-09-22 Thread Joel Rees
2014/09/23 2:24 "Danilo Sampaio" : > > Hi guys, > > I know this topic is somewhat out of debian context, but someone knows a opensource project like a SSH Server for Android, with X11 Session Forward Support? > > Thanks. Not exactly what you're looking for, bu

Re: [OT] SSH Server for Android

2014-09-22 Thread Jonathan Dowland
On Mon, Sep 22, 2014 at 04:13:47PM -0300, Danilo Sampaio wrote: > When said "...with X11 Session Forward Support", i mean SSH Server, like > SSDDroid, that implements a software layer for a transparent X11 forward > emulation. This feature would be useful for execute my android

Re: [OT] SSH Server for Android

2014-09-22 Thread Nate Bargmann
* On 2014 22 Sep 14:24 -0500, Eduardo M KALINOWSKI wrote: > If what you some way to control your phone via your PC, SSH X11 Forwarding > won't help. But there may be applications that allow that (at least > partially). Probably you'll need a rooted phone. Depending on what is needed, to move files

Re: [OT] SSH Server for Android

2014-09-22 Thread Eduardo M KALINOWSKI
On Seg, 22 Set 2014, Danilo Sampaio wrote: When said "...with X11 Session Forward Support", i mean SSH Server, like SSDDroid, that implements a software layer for a transparent X11 forward emulation. This feature would be useful for execute my android applications from my PC, lik

Re: [OT] SSH Server for Android

2014-09-22 Thread Danilo Sampaio
ture would be useful. Hi Eduardo, thanks for the answer. When said "...with X11 Session Forward Support", i mean SSH Server, like SSDDroid, that implements a software layer for a transparent X11 forward emulation. This feature would be useful for execute my android applications from my PC

Re: [OT] SSH Server for Android

2014-09-22 Thread Eduardo M KALINOWSKI
On Seg, 22 Set 2014, Danilo Sampaio wrote: I know this topic is somewhat out of debian context, but someone knows a opensource project like a SSH Server for Android, with X11 Session Forward Support? I've used this one (mostly for copying files): https://play.google.com/store/apps/detai

[OT] SSH Server for Android

2014-09-22 Thread Danilo Sampaio
Hi guys, I know this topic is somewhat out of debian context, but someone knows a opensource project like a SSH Server for Android, with X11 Session Forward Support? Thanks. -- *Danilo Sampaio* Analista de Sistemas Sr. | Application Services *Capgemini | Brasil* Tel.: 55 85

Re: are "print server" and "ssh server" needed?

2013-05-11 Thread Andrei POPESCU
On Ma, 07 mai 13, 14:18:48, Default User wrote: > Okay, thanks guys. > > I think I will skip the ssh-server task, as a security measure (they can't > pick a lock that isn't there). > > I will also skip the print-server task for now, and just add that once I >

Re: are "print server" and "ssh server" needed?

2013-05-08 Thread Alois Mahdal
On Tue, 7 May 2013 12:09:58 -0500 Default User wrote: > > Any opinions? Adding to what others posted, one case when SSH might be useful is when bad bug happens to your GUI desktop that prevents you even from switching to terminal to resolve the situation. In such case (provided that you have ac

Re: are "print server" and "ssh server" needed?

2013-05-07 Thread Brian
ection > > to outside world, not used for office or business purposes. > > > > The installer asks what pre-selected software "task groups" are to be > > installed. Pre-selected are: > > - desktop environment > > - standard utilities > >

Re: are "print server" and "ssh server" needed?

2013-05-07 Thread Default User
Okay, thanks guys. I think I will skip the ssh-server task, as a security measure (they can't pick a lock that isn't there). I will also skip the print-server task for now, and just add that once I get a new printer. On Tue, May 7, 2013 at 12:09 PM, Default User wrote: > Hi. >

Re: are "print server" and "ssh server" needed?

2013-05-07 Thread Michael Biebl
e installer asks what pre-selected software "task groups" are to be > installed. Pre-selected are: > - desktop environment > - standard utilities > - print server > - ssh server > > In this scenario, I am not sure why the print server and ssh server

Re: are "print server" and "ssh server" needed?

2013-05-07 Thread Erwan David
Le 07/05/2013 19:24, Lars Nooden a écrit : On Tue, 7 May 2013, Default User wrote: [snip] In this scenario, I am not sure why the print server and ssh server are pre-selected. Are they really useful, or would they just take up space and add complexity? Any opinions? The ssh server takes up

Re: are "print server" and "ssh server" needed?

2013-05-07 Thread Brian
installer asks what pre-selected software "task groups" are to be > installed. Pre-selected are: > - desktop environment > - standard utilities > - print server > - ssh server > > In this scenario, I am not sure why the print server and ssh serv

Re: are "print server" and "ssh server" needed?

2013-05-07 Thread Lars Nooden
On Tue, 7 May 2013, Default User wrote: [snip] > In this scenario, I am not sure why the print server and ssh server are > pre-selected. Are they really useful, or would they just take up space and add > complexity? > > Any opinions? The ssh server takes up little space an

are "print server" and "ssh server" needed?

2013-05-07 Thread Default User
installed. Pre-selected are: - desktop environment - standard utilities - print server - ssh server In this scenario, I am not sure why the print server and ssh server are pre-selected. Are they really useful, or would they just take up space and add complexity? Any opinions?

Re: SSH server

2011-08-21 Thread Bob Proulx
Ivan Shmakov wrote: > Bob Proulx writes: > > 2. Ensure that sshd is listening on port 22. > > > $ netstat -na | grep '0.0.0.0:22' > > tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN > > As IPv6 is slowly conquering the world, I'd be checking for > :::22 just as w

SSH server

2011-08-20 Thread Ivan Shmakov
> Bob Proulx writes: > RiverWind wrote: >> I used to be able to "ssh" from my shellworld account into my Linux >> box before I got the latest version of the squeeze disk. I am not >> able to do so now. Exactly what needs to be set up or in place in >> order for me to once again be abl

Re: OT: Safe to access SSH server from work?

2011-05-20 Thread Celejar
On Sat, 14 May 2011 23:15:33 +0900 Joel Rees wrote: ... > Disable root login on ssh entirely. (/etc/ssh/sshd_config has that > enabled in my more-or-less default install. That is, I think, so you > don't find yourself in a catch-22 when installing remotely. Should be > in a list of things to do

Re: OT: Safe to access SSH server from work?

2011-05-14 Thread Joel Rees
On Fri, May 6, 2011 at 6:14 AM, George wrote: > I have a computer at home that I'm doing some research on and I set up > an SSH server on it so I can access it from other computers at home. I > haven't opened up the network to the internet yet though, as I'm not > confi

Re: OT: Safe to access SSH server from work?

2011-05-07 Thread Andrei Popescu
On Jo, 05 mai 11, 23:09:02, Brian wrote: > > You can be confident that the default Debian install of openssh-server > has a configuration which is very safe. There is nothing for you to do. While I wouldn't say that the Debian (actually upstream?) configuration is unsafe, there are ways to impro

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dom
On 06/05/11 21:37, Wolfgang Karall wrote: Hello, On Fri, May 06, 2011 at 05:00:18PM +0100, Dom wrote: However, libpam-opie seems to have been dropped by Debian after squeeze, due to lack of support, some security issues, and no updates for quite a few years. I run Wheezy, is there a supported

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Jerome BENOIT
On 06/05/11 22:37, Wolfgang Karall wrote: Hello, On Fri, May 06, 2011 at 05:00:18PM +0100, Dom wrote: However, libpam-opie seems to have been dropped by Debian after squeeze, due to lack of support, some security issues, and no updates for quite a few years. I run Wheezy, is there a supporte

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Wolfgang Karall
Hello, On Fri, May 06, 2011 at 05:00:18PM +0100, Dom wrote: > However, libpam-opie seems to have been dropped by Debian after squeeze, > due to lack of support, some security issues, and no updates for quite a > few years. > > I run Wheezy, is there a supported alternative to libpam-opie? A q

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Chris Davies
Robert Brockway wrote: > Yes it would keep logs a bit cleaner. I've never[1] changed the ssh port > on any host and never been terribly worried about the state of the logs as > a result. I tend to take a different view: if I can get rid of "rubbish" from the logs then it makes it easier for a

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Robert Brockway
On Fri, 6 May 2011, Brian wrote: A strong password is no less secure in brute force terms than a key so Oh yes it is. A strong password may take a very long time to brute force, but that isn't what you said. Breaking an arbitrarily long key pair is regarded as being cryptographically infe

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Robert Brockway
On Thu, 5 May 2011, Rob Owens wrote: I hesitate to mention this, because it will start an argument about security through obscurity, but you can run your ssh server on a port other than 22. It really does nothing for security, but it will keep your firewall logs a lot cleaner because it avoids

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dom
Hi folks On 06/05/11 16:33, Jerome BENOIT wrote: Hello List ! For the "connect from untrusted computers" there are one-time-passwords. I've used libpam-opie in the past with great success for the occasional connection from internet cafe's for example. By googling, I found this web page: h

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Alex Mestiashvili
On 05/06/2011 02:50 PM, cac...@quantum-sci.com wrote: On Friday 6 May, 2011 05:15:23 Brian wrote: What you're missing is the difference between someone trying to hack from the client machine... and a remote script trying to brute-force your server. Big difference. No I'm not. But p

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Jerome BENOIT
Hello List ! For the "connect from untrusted computers" there are one-time-passwords. I've used libpam-opie in the past with great success for the occasional connection from internet cafe's for example. By googling, I found this web page: http://andrewho.co.uk/weblog/securing-authentication

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Jerome BENOIT
On 06/05/11 15:11, Wolfgang Karall wrote: On Fri, May 06, 2011 at 01:08:52PM +0100, Brian wrote: Keyloggers would get the key passphrase too. And the USB stick would have its contents pilfered. So, keys don't appear to give any advantage over passwords on an untrusted machine. combined with

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Wolfgang Karall
On Fri, May 06, 2011 at 01:08:52PM +0100, Brian wrote: > Keyloggers would get the key passphrase too. And the USB stick > would have its contents pilfered. So, keys don't appear to give any > advantage over passwords on an untrusted machine. For the "connect from untrusted computers" there are one

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread CACook
On Friday 6 May, 2011 05:08:52 Brian wrote: > I'm unsure whether you mean 'prevent' because neither keys nor passwords > can stop brute forcing attempts. If you mean a key (256 characters) is > stronger than a password (20 characters) I'd agree. But the key is no > more secure than the password. No

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dotan Cohen
On Fri, May 6, 2011 at 15:08, Brian wrote: > On Fri 06 May 2011 at 13:48:23 +0300, Dotan Cohen wrote: > >> However, keys are good to prevent brute-force attacks. Think of it >> like a 256-character password using the entire ASCII field. Also, keys >> are not susceptible to keyloggers. > > I'm unsu

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread CACook
On Friday 6 May, 2011 05:15:23 Brian wrote: > > What you're missing is the difference between someone trying to hack from > > the > > client machine... and a remote script trying to brute-force your server. > > Big > > difference. > > No I'm not. But please explain the difference, bearing in mi

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Brian
On Fri 06 May 2011 at 04:51:16 -0700, cac...@quantum-sci.com wrote: > On Friday 6 May, 2011 02:13:52 Brian wrote: > > A strong password is no less secure in brute force terms than a key so > > there is no reason to disallow it on those grounds. You can also be sure > > you have never left it at ho

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dotan Cohen
On Fri, May 6, 2011 at 12:23, George wrote: >> No, the attacker needs to HAVE your private key and KNOW the pass phrase >> for that key. Assuming you keep your key secure and have a decent pass >> phrase his life should be very difficult indeed. > > He still needs to guess a string, just like he d

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Brian
On Fri 06 May 2011 at 13:48:23 +0300, Dotan Cohen wrote: > However, keys are good to prevent brute-force attacks. Think of it > like a 256-character password using the entire ASCII field. Also, keys > are not susceptible to keyloggers. I'm unsure whether you mean 'prevent' because neither keys no

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dotan Cohen
On Fri, May 6, 2011 at 14:45, Brian wrote: >> Could you please expand on this a bit please. I'm not sure that I >> understand the relevance. If there is some fine document that I should >> be reading then a link to it would be appreciated. I like to read the >> fine manual, but for this hole in my

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Brian
On Fri 06 May 2011 at 13:39:48 +0300, Dotan Cohen wrote: > Could you please expand on this a bit please. I'm not sure that I > understand the relevance. If there is some fine document that I should > be reading then a link to it would be appreciated. I like to read the > fine manual, but for this

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread CACook
On Friday 6 May, 2011 02:13:52 Brian wrote: > A strong password is no less secure in brute force terms than a key so > there is no reason to disallow it on those grounds. You can also be sure > you have never left it at home or elsewhere. What you're missing is the difference between someone tryin

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dotan Cohen
On Fri, May 6, 2011 at 11:43, Brian wrote: >> I'm prepared to be wrong here but, aren't the hosts.* configs just for inetd >> / xinetd and (possibly) portmap? And, IIRC, ssh installs as an init script >> on debian? > > Daemons can also be linked against libwrap. sshd is (ldd /usr/sbin/sshd). > Co

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dotan Cohen
On Fri, May 6, 2011 at 12:13, Brian wrote: >> You could run Debian Live on a USB stick (or any other live distro, >> really).  Boot your work machine with that, and you will have a trusted >> machine.  Use that to ssh to your home machine. > > I suppose this 'trusted machine' doesn't have a key lo

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Jochen Schulz
George: > On 5/6/11, Jochen Schulz wrote: > >> You can authenticate to an OpenSSH server using a password, or using a >> keyfile. On the client side, simply run 'ssh-keygen' to create a >> keypair. > > So the attacker needs to guess my private key instead of my password. Exactly. > How does th

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dotan Cohen
On Fri, May 6, 2011 at 12:02, Tom Furie wrote: > No, the attacker needs to HAVE your private key and KNOW the pass phrase > for that key. Assuming you keep your key secure and have a decent pass > phrase his life should be very difficult indeed. > Yes, but using that key on a computer that he doe

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Dotan Cohen
On Fri, May 6, 2011 at 09:06, shawn wilson wrote: >> I suppose you could keep your public key with you on a USB drive and >> only put it on the computer when you need it, however I'm not sure how >> secure that would be :/ >> > > Something you have - thumb drive > Something you know - the ip / nam

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Brian
On Fri 06 May 2011 at 11:54:28 +0300, George wrote: > So the attacker needs to guess my private key instead of my password. > How does that make his life more difficult, assuming my password was > very strong? It is easy to construct a password which would take 10,000 years to guess or brute forc

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Brian
On Fri 06 May 2011 at 02:06:17 -0400, shawn wilson wrote: > Something you have - thumb drive > Something you know - the ip / name of your machine With an untrusted machine on a network you do not control both are capable of becoming the property of someone else. > It's two factor enough imo. >

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Brian
On Thu 05 May 2011 at 20:54:12 -0400, Rob Owens wrote: > You could run Debian Live on a USB stick (or any other live distro, > really). Boot your work machine with that, and you will have a trusted > machine. Use that to ssh to your home machine. I suppose this 'trusted machine' doesn't have a

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Chris Davies
Rob Owens wrote: > [...] you can run your ssh server on a port other than 22 I can thoroughly recommend this. Actually, to be pedantic, you can set port forwarding from your router's port N to your server's port 22. Other people have mentioned that you should put AllowUsers in you

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread George
On 5/6/11, Tom Furie wrote: >> So the attacker needs to guess my private key instead of my password. >> How does that make his life more difficult, assuming my password was >> very strong? > > No, the attacker needs to HAVE your private key and KNOW the pass phrase > for that key. Assuming you ke

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Tom Furie
On Fri, May 06, 2011 at 11:54:28AM +0300, George wrote: > On 5/6/11, Jochen Schulz wrote: > > > You can authenticate to an OpenSSH server using a password, or using a > > keyfile. On the client side, simply run 'ssh-keygen' to create a > > keypair. > > So the attacker needs to guess my private k

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Brian
On Fri 06 May 2011 at 01:59:10 -0400, shawn wilson wrote: > I'm prepared to be wrong here but, aren't the hosts.* configs just for inetd > / xinetd and (possibly) portmap? And, IIRC, ssh installs as an init script > on debian? Daemons can also be linked against libwrap. sshd is (ldd /usr/sbin/ssh

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread George
On 5/6/11, Jochen Schulz wrote: > You can authenticate to an OpenSSH server using a password, or using a > keyfile. On the client side, simply run 'ssh-keygen' to create a > keypair. So the attacker needs to guess my private key instead of my password. How does that make his life more difficult,

Re: OT: Safe to access SSH server from work?

2011-05-06 Thread Jochen Schulz
George: > On 5/6/11, Jochen Schulz wrote: > >> If you only allow key-based authentication and install security >> patches in a timely manner, the risk from running a public OpenSSH >> server is low. Expect brute-force attempts to login using weak >> passwords, though. If you only allow key log

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread shawn wilson
On May 5, 2011 8:15 PM, "Perry Thompson" wrote: > > On 05/05/2011 06:46 PM, cac...@quantum-sci.com wrote: > > On Thursday 5 May, 2011 15:09:02 Brian wrote: > >> Use a strong password or ssh keys for access to the server. The question > >> is whether you trust the machine you use at work. > > > > O

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread shawn wilson
> 2] in /etc/hosts.allow limit access to sshd accordingly (sshd: ); I'm prepared to be wrong here but, aren't the hosts.* configs just for inetd / xinetd and (possibly) portmap? And, IIRC, ssh installs as an init script on debian?

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread Jerome BENOIT
rt an argument about security through obscurity, but you can run your ssh server on a port other than 22. It really does nothing for security, but it will keep your firewall logs a lot cleaner because it avoids pesky scripts that circulate the internet, trying to brute force ssh servers. A good

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread Nate Bargmann
* On 2011 05 May 19:56 -0500, Rob Owens wrote: > I hesitate to mention this, because it will start an argument about > security through obscurity, but you can run your ssh server on a port > other than 22. It really does nothing for security, but it will keep > your firewall logs a

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread Rob Owens
rt an argument about security through obscurity, but you can run your ssh server on a port other than 22. It really does nothing for security, but it will keep your firewall logs a lot cleaner because it avoids pesky scripts that circulate the internet, trying to brute force ssh servers. -Rob -- To

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread CACook
On Thursday 5 May, 2011 17:15:11 Perry Thompson wrote: > On 05/05/2011 06:46 PM, cac...@quantum-sci.com wrote: > > On Thursday 5 May, 2011 15:09:02 Brian wrote: > >> Use a strong password or ssh keys for access to the server. The question > >> is whether you trust the machine you use at work. > >

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread Perry Thompson
On 05/05/2011 06:46 PM, cac...@quantum-sci.com wrote: > On Thursday 5 May, 2011 15:09:02 Brian wrote: >> Use a strong password or ssh keys for access to the server. The question >> is whether you trust the machine you use at work. > > OK, say you -don't- trust your machine at work. Workarounds? >

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread CACook
I know all that. But it still will ask for a password if you do not have the key, and thus is open to brute-force. On Thursday 5 May, 2011 16:21:39 Jerome BENOIT wrote: > http://wiki.debian.org/ssh#ssh_without_password > > On 06/05/11 00:24, cac...@quantum-sci.com wrote: > > On Thursday 5 May,

Re: OT: Safe to access SSH server from work?

2011-05-05 Thread Jerome BENOIT
http://wiki.debian.org/ssh#ssh_without_password On 06/05/11 00:24, cac...@quantum-sci.com wrote: On Thursday 5 May, 2011 14:43:13 Jochen Schulz wrote: Expect brute-force attempts to login using weak passwords, though. If you only allow key logins, you can ignore that. And how is that done? W
