Security :: How To Enable Passphrase For Access Via Ssh?
Apr 21, 2011
How can I enable a passphrase along with the password for login via ssh? In that whenever I log in from server A to server B via ssh, it should ask me for a password and then a passphrase to allow me access.
OR
Can we have multiple passwords to log in via ssh? My basic need is to have 2 levels of password.
Simply, the number of possible combinations of passwords increases as an exponent of the number of characters used and as a factor of the number of characters available for use.
26 potential characters for a 2 character password results in 26^2 possible password combinations. This means that each new character added would result in an "order of magnitude" increase in the difficulty of brute force attack.
Using a phrase, complete with punctuation and capitalization is the very best mnemonic device to remember a password. Consider this, how hard is it to remember; The quick brown fox jumped over the lazy dog.
Than it is to remember, l33tsp34kp@ssw0rd
If we pretend that both of these passphrases are generated from a character set consisting of 26 characters, the first would be one of a possible 15274273784216769021564085930704478424313742483024510976. The second would be one of a possible 1133827315385150725554176.
In short, use a passphrase not a password, they are much MUCH more secure.
I'm trying to add a key to a new slot from a keyfile that I created, but I keep getting an error and I don't know what the problem is.
Code:
root@ubuntu:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 -d /media/Ubuntu_10_04/etc/cryptkeys/swap.key
No key available with this passphrase.
content of swap.key
I need a non-interactive, symmetric, passphrase mechanism that can be used on machines beyond my sys-admin control. Currently, I use the Python code (with variants):
to encrypt and decrypt files (tar balls). The "Password" is generated by a Python code on a singular removable flash drive. It worked with FC11 and Windows, but with FC13 I get an interactive dialog, which gets canceled, and then:
can't connect to `/home/{a user id}/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[3432]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `testdata' failed: Operation cancelled
The operator does not know the pass phrase. This is a single user mechanism which relies upon the mounting of the special flash drive to work. The application is portable across many platforms and hosts, but can only be used by the possessor of the flash drive.
I have installed Ubuntu 10.04 (mini ISO) with the option of root encryption. Now I need to boot without being asked for the passphrase, but I'm trying to add a LUKS keyfile without success. I want to use a keyfile in the /boot partition or inside the initrd (it can't be on an external pendrive), but Ubuntu apparently doesn't accept a keyfile in /boot or the initrd file. I know this way isn't very secure, but I just need basic encryption. So, how do I force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
I have currently a file server that runs on Fedora 9, and all other PCs (mostly running Windows XP) access the file server via SAMBA. Everything works perfectly! However, lately a home invasion in my neighborhood got me thinking. If they take my file server, my data is not protected. So, I would like to implement the LUKS partition encryption (/home) which sits on a separate disk. However, I don't quite like the decryption process at boot time. In other words, I would like to wake up the file server (WOL) remotely, and when it's done booting, I would like to log-in using the other PCs and enter the passphrase remotely to decrypt /home. Is this possible using LUKS encryption (i.e., cryptsetup)? If not, what would be another alternative to what I am trying to do using a secure encryption (so that the data is safe from thieves)?
I have an encrypted disk, using LUKS / dm-crypt, on Fedora 14. Every time I boot, I am immediately prompted for the passphrase. This happens VERY early in the boot process, and is a graphical screen (i.e. not console text). If I hit escape, I am prompted in a text-mode for the same passphrase. If I hit escape or return a few times, boot continues normally.
I only mount the disk occasionally, and don't want to be prompted at boot for the passphrase to luksOpen the disk at boot. I manually cryptsetup luksOpen and then mount it when I want access. I just don't want to be asked at boot, and don't want to unlock it until I do so manually. Does anyone know how I can tell Fedora to not attempt to decrypt / mount this filesystem at boot? It's not in /etc/fstab. I should mention, no LVM, just mdadm raid5 on the partition + luks / dm-crypt.
Hello everyone. I'm really confused by the ways an encrypted partition gets mounted. It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition". Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.
The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
I was wondering whether increasing the strength of a key by increasing the number of bits in the key to 2048 makes any sense if I want to leave the passphrase blank anyway? I'm setting up passwordless ssh logins on my LAN as I'm a bit tired of constantly being asked for a password.
When I set up an ID in Ubuntu, I encrypted it. I did a print screen of the passphrase and put it on the desktop. I'm just learning how to use the encryption so don't fault me for putting it right on the desktop. There is no important data in this ID. Now, I went and changed my password to the account. On the next boot, I got a few error messages:
Could not update ICEauthority file /home/mickymouse/.ICEauthority
There is a problem with the configuration server /usr/lib/libconf2-4/gconf-sanity-check-2 exited with status 256
In researching these, it looks like the problem is that I changed the password but didn't update (or something) my passphrase.
I can't boot into the GUI but I have figured out how to boot to a command prompt. I don't have access to my home directory because I don't have my passphrase. Am I toast or is there a way to recover / update the passphrase?
I just installed the testing version of Debian with the option to setup encrypted home directories. I used a passphrase that I now want to change to something else. How do I do that?
My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?
I had a Centos install that corrupted the boot and would only boot to GRUB. After about a week of trying linux rescue and various measures I gave up and installed a fresh copy of Centos on /dev/hda which is a 40 GB drive. All my data was on /dev/sda which I did not overwrite and is a 1TB SATA drive. I added sda to the LVM of hda now and it is recognized as part of Partition 2 - using the GUI Logical Volume Management. My problem is I can't seem to figure out how to retrieve my data from the sda2 drive. This is what I've tried. code...
I recently installed Deluge 1.2.0 from the following PPA: [URL] I am using this on two different Linux computers. One is running Linux Mint 8 and the other is running Ubuntu Netbook Remix 9.10. The first time on either computer when I enable WebUI in the Deluge GUI it works fine. However if I ever disable it in the plugins section I am subsequently unable to re-enable it (it doesn't appear in the side panel again). Rebooting or reinstalling Deluge seems to have no effect. Is this a bug or am I doing something wrong?
We have enabled DOT1x security (8021x) in our wired network for testing purposes, but to enable that facility our account should be a domain account so that it will get certified by the certificate server through the RADIUS server. But in Fedora we are unable to get certified by the certificate server; however, if we log in as the root user or any local user in Fedora, we are able to get an IP and able to work on the network as well as connect to the domain. But after logging off we are unable to log in to the domain account. I need to log in through a domain account using DOT1X security.
1.) I am wondering how to lock an encrypted partition which has been unlocked, using luks? On boot, I am asked automatically for the passphrase to unlock my partitions. After doing a backup, I want to lock the encrypted partition again, but I don't know the command! I unmounted the partition but after mounting it again, I was not asked for the passphrase but had access to my data.
2.) How secure is the default Fedora version of luks? Is truecrypt better?
How do I enable direct login of root via ssh? I found info that I just need to update /etc/ssh/sshd_config, but I couldn't see that file in the location.
I need to allow ICMP ping for one host only. I found out how to enable it to all hosts (ICMP Filtering, check ping) but I would like to reduce the scope to one host. I know I can add rules in the user_post script but I can't find the correct iptables command ...
I am trying to learn how a buffer overflow works, but I need to have an executable stack for it to work. How do I enable this for an individual program? I am using Arch Linux and x86_64 btw.
Can anyone tell me how to enable and configure auditd on Linux kernel 2.6.9-5.EL? I have only found the commands auditd and auditctl on a server that runs kernel 2.6.9-5.EL. I ran auditd & and could see auditd running on my server. But I couldn't do anything with auditctl: no status, no rules, nothing :| . I tried to find audit.rules or auditd.conf but found nothing.
Wanted to restore laptop to Windows 7 and put Ubuntu on another machine. The laptop is an Acer and the Win 7 disks go into a proprietary recovery screen. I have 3 choices: reload Win 7 to new state, load Win 7 and put everything in backup, or exit.
I have loaded the Ubuntu 10:10 Live and downloaded ms-sys. The problem is Ubuntu is unable to mount the HDD - not in fstab.
Does TightVNC enable HTTP access in Ubuntu 9.04? I used sudo apt-get install tightvncserver in the terminal and I can use VncViewer to view the Ubuntu machine, but I can't use a web browser to view Ubuntu. How can I access Ubuntu from another PC with a web browser?
I am using Fedora 14. By default Security Enhanced Linux is enabled in Fedora 14. Now is there any way to disable it by command line and then again enable it through command line.
How do you enable a login screen? When I turn on my computer I only get command line. When I log into root I can start my KDE desktop using startx. But if I log into any other user I get the following error:
X: usser not authorized to run the X server, aborting.
giving up.
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
Here is my problem: I had a 500GB HDD, with the following partitions:
C - 100GB - NTFS - Windows 7
D - 300GB - NTFS - (for staffs)
H - 100GB - NTFS - unused
Yesterday I installed Ubuntu on the last one (H), wishing to keep also the other two partitions. Now I cannot access the first two; I don't see them any more. In my Disk Usage appears only the Linux partition and one "Unallocated Space" of 400GB.
Do you think that I have a chance to recover my data from the two partitions that I can't see? code...
Is there a way to enable a web interface to access openssh-server on my VPS in case I'm on a network that does not permit outbound port tcp 22 or any other port of my choosing?