Security :: SSH Config - What's To Stop The MIM From Making A Substitution Of Keys During The Initial Exchange
Oct 20, 2010
Ive been running ssh to log into server for long time. Recently a x-win app reported that it suspects a man in the middle attack (MiMA), so I want to tighten this up, but it seems to me if there is a MiM, then the initial key exchange is vulnerable to a substitution. This is on solaris, but since its a basic concept I'm ot getting, it shouldnt matter,
Here's the gist of what I read:
- create users key pair,
- enable host authentication (ssh_config file on client and sshd_config file on remote host)
- start an ssh session and accept the remote hosts key (and I assume the remote host will take client users key and store some where)
Questions:
1. What's to stop the MIM from making a substitution of keys during the initial exchange?? Shouldn't the keys be initially transfered in a more secure fashion??
2. Does the server just accept new keys from any existing user who want to create an ssh session? So if some one knows a username and password (such as the owner of an application they know is running) couldn't they just create their own keypair and have the server accept them?
View 5 Replies
ADVERTISEMENT
May 11, 2011
I am trying to exchange keys between two party using diffie and helman can some body give me simple code using java, C or openssl or site to do that
View 1 Replies
View Related
Jul 27, 2010
I seem to have a problem that a lot of people have: My work uses exchange server 5.5/2007. Does evolution still not support this? I tried to set it up and it tells me that it won't work with exchange 5.5.
View 4 Replies
View Related
Mar 26, 2010
I cannot receive mail from my POP server; I used the same settings as I previously did with Thunderbird but I keep recieving an error message "La lecture de salutations valides du serveur POP pop.videotron.ca a �chou�" (roughly: exchange with the POP server failed).I am able to connect to the Internet and to other mail accounts with Evolution.
View 1 Replies
View Related
Mar 23, 2010
I've installed mailman on 9.10, using apt-get, have apache2 setup already. However I'm getting 403 forbidden issues when trying to access [URL] I may have mucked something up as initially i jumped straight in and created a virtualhost and played around with the URL redirects. but as far as I can see, it's back to its default and it's still not working... When I try to access the page, in my apache error.log, i get this:
Quote:
[Wed Mar 24 02:36:37 2010] [error] [client 192.168.1.1] attempt to invoke directory as script: /usr/lib/cgi-bin/mailman/
I've tried check_perms, it does give this error:
Quote:
root@babel:/etc/apache2# check_perms
/var/lib/mailman/templates bad group (has: root, expected list)
/var/lib/mailman/bin bad group (has: root, expected list)
/var/lib/mailman/cgi-bin bad group (has: root, expected list)
[code]....
View 1 Replies
View Related
Jun 7, 2011
I just finished my third edit of an article/tutorial I wrote on setting up RSA keys in OpenSSH and configuring SSHD to be a bit more secure than a fresh out of the box install. I also removed any derogatories about sudu Linux that might have been there Anyway, since it's kind of a big deal for anyone who uses it, and could potentially lock them out of their boxes I'd appreciate any comments related to the accuracy of the instructions, if you don't mind [URL]
View 10 Replies
View Related
Apr 17, 2010
I have installed the following successfully.
Ubuntu Server 9.10
MySQL
Apache
Now I wish to make my own mail server for my organisation we already have a ISP server but would like to act this for our local delivery and store mails something like what a daemon does. For this I did the following:
Installed fetchmail
Installed send mail
Installed exim
Installed squirell
And now I am completely lost. How do I setup from here. So that I can configure the server.
My server spec are:
PIV 2.8GHZ, 512MB ram, 80GB HDD, HIS MOtherboard, lan card. I don't have any DNS or other stuff here in our office.
View 4 Replies
View Related
Jun 14, 2010
They do work sometimes but then after a while, they stop working completely. I'm not sure why...
View 2 Replies
View Related
Jul 5, 2010
On SuSE 10.0 I used to have an app simply called, "Dictionary" and it was placed in the Office > Database section of the kicker menu. I can't seem to find that app anywhere for OpenSUSE 11.2. Did they stop supporting/making it?
View 3 Replies
View Related
Jul 29, 2009
I have just installed tripwire. I have created a baseline db using the default policy file. Then I checked the output of the db to see what I did not have on my filesystem that db was searching for (according to the default policy when tripwire was installed), I then changed my default clear text policy file accordingly and used twadmin to generate a new tw.pol file.
Next I come grinding to a halt after this (assuming the next thing is to update the policy in tripwire right? )
Code:
View 2 Replies
View Related
Jun 7, 2011
I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
View 9 Replies
View Related
Oct 11, 2010
I have updated to 10.10 and now my ir remote is simulating keyboard arrow keys which is causing problems in applications like Boxee. The weird thing is if I stop lircd it still simulates the keyboard arrow keys.
Does anyone know how to stop the keyboard arrow keys from triggering when the ir remote up, down, left or right buttons are pressed?
(Here are all the IR config files)
hardware.conf
Code:
# /etc/lirc/hardware.conf
#
#Chosen Remote Control
REMOTE="Streamzap PC Remote"
REMOTE_MODULES="lirc_dev streamzap"
[Code]....
View 2 Replies
View Related
Mar 10, 2011
I set up a linux 10.10 desktop to run as a "server" for me. I then loaded Xrdp so that we can remote connect to the machine. My issue now is, i need to add users other than the initial account i created, but when i log into the desktop remotely, it will not let me add a new user. I cant seem to use any of the boxes in the User Settings command box. Does anyone have any suggestions?
View 9 Replies
View Related
Oct 16, 2010
I'm running Kubuntu 10.10, with KDE 4.5.2, what I've noticed is every so often my Tab, Caps, Shift, Ctrl, Alt, Super keys stop working. I'd been running Ubuntu 10.04 with Gnome and hadn't ever come across this issue. I'm not sure if this is related to KDE 4.5.2 or is possibly because I updated to 10.10 and would also occur on a Gnome environment.If I switch to my virtual machine (VMWare Workstation 7.1.2 build-301548 which I was able to get working on 10.10 using URL.... the keys work within that but if I switch back to my host desktop they stop working.To fix it I've found logging out or unplugging the keyboard and plugging it into a different USB port fixes it.
View 1 Replies
View Related
Jan 2, 2010
Im a total beginner when it comes cryptography and networking. Finally managed to create a connection with OpenVPN on Ubuntu to a vpn provider called ivacy. On this page:http://ivacy.com/en/doc/user/setup/winxp_openvpn they give configuration files and keys, which I used. The question is, if someone wanted to see my network traffic, could they do it using the keys provided on that page. Reading the OpenVPN documentation i saw that it is also possible to create your own keys. Would that be more secure?
View 10 Replies
View Related
Jul 25, 2010
After using an iPhone, I'm totally jealous of the ".com" key. Anyone know how to remap a physical key to type a phrase like ".com". Ideally, I'd like to set a rarely used key like the Windows button or an F-key to be a ".com" button and when you press shift it becomes a ".org" or ".net" button.
View 2 Replies
View Related
Jan 15, 2010
I have the proper drivers for the g11/g15 keyboard installed and I need to know how to set the g-keyes up themselves.
View 2 Replies
View Related
Jan 13, 2010
I have generated SSH *.pub and *.ppk keys.
Where should I put them so that they are automatically used and available when e.g. issuing an ssh ....
command in Terminal?
View 9 Replies
View Related
Feb 6, 2010
I'm having trouble logging in with SSH using RSA keys.
client: Karmic
server: FreeNAS (FreeBSD) ip: 192.168.0.100
I generated RSA keys on Karmic, added the id_rsa.pub to the authorized_keys file on FreeNAS, then removed the id_rsa.pub from Karmic (this is a poorly documented but necessary step I learned).My Karmic username is shawn, FreeNAS username is shawnboy.from Karmic it prompts me for my RSA key passphrase which it should do, but after I enter it, it fails and moves on to prompt me for my password. I know this isn't a FreeNAS forum, but this works perfectly using Putty SSH with RSA keys on Windows XP, so I figure it's more appropriate to ask here than in FreeNAS forums.
View 7 Replies
View Related
Feb 9, 2010
Short description of the difference between GPG and SSH keys?
Also, is it possible to combine the two keys? Meaning I can just use one key for both applications?
View 5 Replies
View Related
Sep 29, 2010
Scenario 1. I am doing this from /home/deploy directory I am trying to set up ssh with github for capistrano deployment. this has been an absolute nightmare. when I do ssh git@github.com as the deploy account I get Permission denied (publickey). so may be the key is not being found, so If I do a ssh-add /home/deploy/.ssh/id_rsa Could not open a connection to your authentication agent. (i did verify that the ssh-agent was running) If I do exec ssh-agent bash and then repeat the ssh-add then the key does get added and I can ssh into github. Now I exit from the ssh connection to my server and ssh back in and I can't ssh into github anymore! Scenario 2 if I login to my remote server and then cd into my .ssh directory and ssh into github then it all works fine I guess there is a problem with locating the key and for some reason the agent isn't funcitoning correctly.
View 2 Replies
View Related
Jul 20, 2011
My primary Ubuntu server has SSH exposed to the internet so I can remotely access it. I have configured OpenSSH to use only RSA key authentication. Each computer I use has a separate RSA key unique to it. I also have a unique RSA key on a USB thumb-drive I carry with me. The purpose of the USB key is for emergencies if I have to access the server from some remote system. The problem is that I may not trust the remote machine (university/public library computer for example).
What I would like to do is have a set of one-time use RSA keys that, after I log in to SSH with them, are removed from the authorized_keys file. This would hopefully keep my system safe even if the remote machine I was using was compromised and had copied my private key and key-logged the password I used to decrypt it. I would like to have these keys be separate from the keys I have for my trusted computers.
View 3 Replies
View Related
Feb 11, 2010
I have enabled ssh key based logins for one of my servers and disabled normal password based logins. It just occurred to me that the public key which I generated on my pc, and uploaded to the servers authorized_keys, may in fact only apply to my local PC / user account. So basically if my system crashes I would have no way to login to the server...? Is it not possible to "share" public keys so other people (PCs / accounts) can use them?
View 3 Replies
View Related
Feb 19, 2010
I've installed the ssh server on my Ubuntu desktop and the very first time I accessed the server from my laptop, it got a message asking me whether to permanently add the key of the server. After I added this, it gave me a message saying that the key had been permanently added. My question is how do I remove this key? I just want to know how to do this because I'm going to disable password based logins and I want to start anew.
View 6 Replies
View Related
Sep 22, 2010
I want to block some ips permanently ie. even I as the root user cannot unblock these ips without having to format the whole system.
So i thought if some blocking software provided passwords for editing rules and I put a 'junk' password there and so that I can't delete the rules without the 'junk' password which I don't know.
So I examined iptables and I saw that it is a kernel module so there is no use of that since I can probably throw it away.
But the basic question is to block ips and gulp the key.
View 5 Replies
View Related
Jul 5, 2010
Since I have installed Fedora 13 it seems that I can't connect to WLAN APs which aren't secured by WPA. I'm surprised about the inserts to the messages logfile:
[Code]...
Most surprising insert for me: Jul 5 20:43:21 nbtobiaslnx NetworkManager[1328]: <info> Config: added 'key_mgmt' value 'WPA-PSK' Is this the reason for my problem? I use KDE and Network Manager for managing my networkconnections.
View 1 Replies
View Related
Jun 1, 2010
What is the easiest way to encrypt plain text content with a password only? I need to encrypt client login information, but I hate dealing with all the unnecessary complexities of Linux's encryption systems.
I know I am going to get a bunch of people telling me how perfect Seahorse and whatever is, but Seahorse and the default /home directly encryption have both given me too many problems when decrypting my information. I prefer to preserve my data rather than using these methods.
View 9 Replies
View Related
Aug 25, 2010
Can i login to my server using my root account and create a public+private key for one of my users and then manually paste it into his authorized_keys file and give him the private key?
The user im giving it to has a chrooted FTP account...
Is it still ok that i used the root account to create it? He is not going to have root access or nothing is he? This is not a security breach in any way is it?
The user doesn't have shell access to create their own so this is the only way i can think of doing it...
Also what access should the user have to their .ssh folder + the authorized_keys file...?
Are they allowed to read the key? What about write?
View 9 Replies
View Related
Sep 8, 2010
I recently upgraded to Ubuntu 10.04. I love the passwords and keys application, but was somewhat surprised at the lack of a context menu in gnome to encrypt a file.
In general, I cannot find how to encrypt files using the keys I generate. Maybe I'm missing something? Probably, I just thought since Ubuntu comes with OOB key generation it would have OOB encryption capabilities.
I've read about seahorse and other ways to ADD encryption, I'm just wondering if ubuntu does it natively. It'd be a good idea to add to brainstorms, right click and encrypt.
View 6 Replies
View Related
Jan 30, 2011
Ubuntu 10.10 Server is loaded. Openssh has been loaded.
I have multiple users which need access to server via ssh.
My impression from reading about ssh is that a key needs generated for each person. Thus, each key will have a passphrase that is unique to them.
In /etc/ssh/sshd_config, the default sshd_config suggest using:
%h/.ssh/authorized_keys
My assumption is %h is a variable that will allow the current user to use the public key stored in his home directory under the .ssh folder in a file called authorized_keys. Is their a command string that automatically populates the authorized_keys file?
I am surprised that even though there are a number of hidden (e.g. .****) files located in the home folder, there is not one automatically generated as .ssh. It appears I have to create that directory myself. I am especially surprised by this since it appears the instructions for generating a key seems to load the key in the home directory instead of proceeding to create a .ssh folder to store the keys in.
It is not clear, but it appears that the public key needs to be copied or appended to the authorized_keys file, but, using the scheme above, the public key needs to be copied or appended to each users authorized_keys file instead of appending all public keys to a single authorized_keys location.
It then appears that each persons authorized_keys file needs permissions set to 600.
It also appears that if I decide to use RSA instead of DSA, I would do the same thing above but would use authorized_keys2 file instead.
Why doesn't the home folder which gets automatically set up for each user automatically get a .ssh folder generated? i.e Why does it have to be created by hand? Does it need the same permission on the .ssh folder? ie 600?
My aim is to allow many to log on via ssh simultaneously and then allow many to simultaneously vnc into their respective gnome desktops.
View 6 Replies
View Related
