> On Wed, Apr 09, 2008 at 08:49:29AM +1200, Chris Bannister wrote:
>> On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:
>> > My (admittedly limited) understanding of public key crypto is that the
>> > public and private key are connected by the relationship of two extremely
>> > lar
On Wed, Apr 09, 2008 at 08:49:29AM +1200, Chris Bannister wrote:
> On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:
> > My (admittedly limited) understanding of public key crypto is that the
> > public and private key are connected by the relationship of two extremely
> > large prime
On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:
> On Fri, Apr 04, 2008 at 02:43:58AM +0200, s. keeling wrote:
> > Brian McKee <[EMAIL PROTECTED]>:
> > > On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote:
> > > > Unless they take the time to successfully factor the
> > > > public key,
>
On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:
> In practice, any decent public key system will use large enough primes
> that this is a "Got a supercomputer or a botnet and a good bit of time?"
> case which makes brute-forcing an md5 password file look easy, but I
> like to be c
On Fri, Apr 04, 2008 at 02:43:58AM +0200, s. keeling wrote:
> Brian McKee <[EMAIL PROTECTED]>:
> > On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote:
> > > Unless they take the time to successfully factor the
> > > public key,
> >
> > Can you expand on that sentence? I'm not sure what you meant by
On Thu, 3 Apr 2008 12:23:34 -0500
Dave Sherohman <[EMAIL PROTECTED]> wrote:
[snip]
> When using public key auth, copy *only* your public key to the server.
> (ssh-copy-id is a handy way to automate this.) So long as your private
> key remains secure, there is very little risk to an attacker gett
Brian McKee <[EMAIL PROTECTED]>:
> On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote:
> > Unless they take the time to successfully factor the
> > public key,
>
> Can you expand on that sentence? I'm not sure what you meant by it.
I imagine he means a brute force crack. Got a supercomputer or
bot
Douglas A. Tutty <[EMAIL PROTECTED]>:
>
> Well, does the desktop need to run sshd at all, and if so, does it need
> to listen to "outside" addresses? If not, and you've deactivated
> password logins and you've deactivated root logins, you could give
> anyone the root password and there's noth
On Wed, Apr 02, 2008 at 08:33:34PM -0500, Russell L. Harris wrote:
> * s. keeling <[EMAIL PROTECTED]> [080402 19:28]:
> > Russell L. Harris <[EMAIL PROTECTED]>:
> > >
> > If the server's compromised, you should reinstall.
>
> My concern is not for corruption of the server. My concern is whethe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote:
Unless they take the time to successfully factor the
public key,
Can you expand on that sentence? I'm not sure what you meant by it.
Other than that I wholeheartedly agree with the suggestion to use
On Wed, Apr 02, 2008 at 10:33:35AM -0500, Russell L. Harris wrote:
> It is convenient to use "scp" for transferring files between the
> desktop machine in the LAN and the server, and to use "ssh" for
> remote maintenance of the server, again from the desktop machine
> in the LAN. A
Russell L. Harris <[EMAIL PROTECTED]>:
>
> In other words, if I were to give you free access to my server, so
> that you could inspect all the system files, would you be able to
> deduce the password and passphrase, which are the same as those which
> I use on the desktop machine?
You just de
* s. keeling <[EMAIL PROTECTED]> [080402 19:28]:
> Russell L. Harris <[EMAIL PROTECTED]>:
> >
> If the server's compromised, you should reinstall.
My concern is not for corruption of the server. My concern is whether
-- if I employ on the server the same password and passphrase which I
employ
Russell L. Harris <[EMAIL PROTECTED]>:
>
> Is there a major or unreasonable security risk if the sysop creates
> on the server an account with the same username, password, and
> passphrase as his account on the desktop machine?
Same username is a convenience, account passwords need not be the
sam
SYSTEM:
(1) firewall/router (SmoothWall Express 2.0) which (using NAT)
provides and protects both a "green" zone for a LAN and an
"orange" zone ("DMZ") for a publicly-accessible server
(2) ftp or http server in the DMZ
(3) desktop machine in the LAN from which the sysop
Russell L. Harris:
>
> Such remote maintenance of the server from a machine in the LAN
> becomes tedious unless there is on each machine an account with
> the same username, password, and passphrase.
Not true. You can log into another machine with any username you want.
Either you pro
On 01/04/2008, Russell L. Harris <[EMAIL PROTECTED]> wrote:
>
> SYSTEM:
>
> (1) firewall/router (SmoothWall Express 2.0) which (using NAT)
> provides and protects both a "green" zone for a LAN and an
> "orange" zone ("DMZ") for a publicly-accessible server
>
> (2) ftp or http server
SYSTEM:
(1) firewall/router (SmoothWall Express 2.0) which (using NAT)
provides and protects both a "green" zone for a LAN and an
"orange" zone ("DMZ") for a publicly-accessible server
(2) ftp or http server in the DMZ
(3) desktop machine in the LAN from which the sysop
18 matches