Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread Edward Ned Harvey
> 3b) ssh key only authentication

And generate new keys too, just in case anyone ever got them before.

Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread Joseph Kern
Here's what I got so far ... suggestions?

On Tue, Feb 2, 2010 at 8:21 AM, Edward Ned Harvey wrote:

>> 3b) ssh key only authentication
>
> And generate new keys too, just in case anyone ever got them before.

Title: CTF-Cutsheet

Table of Contents
1 CTF Cutsheet - Defenders

Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread Tom Limoncelli
On Tue, Feb 2, 2010 at 12:14 PM, Joseph Kern wrote:

> Here's what I got so far ... suggestions?

I presumed you'll be attacked immediately, so my first thought was to shut off inetd right away, then use "netstat -n -l" to see if there are other services to shut down. Then I'd configure a secure (

Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread Chuong Dao
From a quick look through the responses, it seems like we've been focusing mostly on remote attacks. Looks like you're allowing SSH (w/o root access). Watch for local vulnerabilities.

-----Original Message-----
From: discuss-boun...@lopsa.org [mailto:discuss-boun...@lopsa.org] On Behalf Of

Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread Joseph Kern
I keep hearing keys only ssh ... I'll add that too. But I do have a question. If the students are not allowed to bring in outside laptops (to store their private keys on), this would seem like a bad idea. Public and Private keys would both be installed on the servers. I've attached the latest vers

Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread Edward Ned Harvey
> I keep hearing keys only ssh ... I'll add that too. But I do have a

Why is it so common to jump to the conclusion that keys-only-ssh is more secure than passwords? I somewhat or sometimes disagree with this. When you use ssh keys, it's a virtual certainty that the keys are stored on the clie

Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread david
On Tue, 2 Feb 2010, Edward Ned Harvey wrote:

>> I keep hearing keys only ssh ... I'll add that too. But I do have a
>
> Why is it so common to jump to the conclusion that keys-only-ssh is more
> secure than passwords? I somewhat or sometimes disagree with this. When you
> use ssh keys, it's a

Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread Tom Limoncelli
On Tue, Feb 2, 2010 at 9:06 PM, Edward Ned Harvey wrote:

>> I keep hearing keys only ssh ... I'll add that too. But I do have a
>
> Why is it so common to jump to the conclusion that keys-only-ssh is more
> secure than passwords?

My assumption is that during the contest the laptops that would ss

Re: [lopsa-discuss] If you only had 5 minutes to secure a server ...

2010-02-02 Thread John H. Robinson, IV
da...@lang.hm wrote:

> The real answer in production is to use a token authentication that is not
> accessible to someone who hacks the client machine, but this is a game
> where such infrastructure is not feasible.

But OTP via OPIE is certainly doable.

-- 
John H. Robinson, IV jh..