When you install sshd and run it with no modifications, then any other machine can connect to your machine without specifying a key. How does this work? Some key is being used, correct? how does the client know what private key to use?
View 14 Repliesi noticed that all files can be seen by another computer if the drive is accessed
can I stop this? can i set a private folder?
I'm currently successfully using the Terminal Server Client to connect to an SBS 2003 server at a remote location. I've been trying to figure out if it's possible to connect to any of the XP machines on the LAN behind it. I currently have to use RWW in IE on a VirtualBox XP machine to do that, and I'd love to be able to get rid of VirtualBox completely.
The server has 2 NICs, one connected to the internet, and the other connected to the LAN. There is only one public IP. The computer I'd most like to connect to has a static, private IP. Anybody done anything like this or have any thoughts on how to get it to work?
I looking for an algoritm to encrypt some data sent from a c program(client) to a php server(can be in perl or cgi-bin) over the internet. How should i send it in c? Some http call? Or it can be in via a perl script. Then i need some basic algoritm to encrypt it. Any ideas. How do i save the key in the c program? Just something basic so its not clear text. This is not for a bank or visacards etc
View 2 Replies View RelatedI am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
I need to implement AIDE on my client machines. The builds on these machine are different, so each workstation will have its own specific db generated through running AIDE initially. It is not good practice to just leave the db on the machine, since an "attacker" would be able to view this information. However, at the same time I do not want to pull back over 100 different aide db's to the ftp server and have an update pull each specifically every time I need to run the check. The plan is to leave the db on the client machine, but encrypt it (using public/private keys). I need to be able to encrypt the file on the client machine. I will use a cron on the client to pull an update (from my ftp server) that runs AIDE. This update needs to be able to decrypt the file, use it running AIDE, then re-encrypt the file on the client.
View 1 Replies View RelatedI use rtorrent in slackware. I already tried to use deluge 1.2.3 and even 1.3rc1 and 1.3rc2 but I find them a little unstable. Witch is your favorite? For lot of torrents and maximum encryption?
View 14 Replies View RelatedI am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
Some people have said that it's dumb to use the same key for multiple things, but for curiosity's sake, is it possible to convert one's private key to id_rsa? I know that I can convert my public key to id_rsa.pub with ``$ gpgkey2ssh [key ID] >id_rsa.pub'', and that makes me think that there should be a way to do it with my private key.
View 1 Replies View RelatedOne of my clients is considering implementing GPG or a similar technology to encrypt internal emails. (They have a different system in place already for external mail.) I've done some reading on the subject but can't seem to find any information about how one might set up a keyserver. All the discussions I've seen so far talk about uploading the public keys to a server like keyserverDoes anyone know what software packages might be used to set up our own private keyserver on a Linux machine?
View 2 Replies View RelatedIn my ~/.ssh I have a number of public keys and one private key (id_rsa). How can I verify which one makes a pair with the private one.Or, can one generate the public one from the private key (in reasonable time)?
View 4 Replies View RelatedAt the moment we have one SSH server with the private key being on a usb flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have muliple private and public keys (one pair for each server), or use the same two keys to access all the servers
View 5 Replies View RelatedI have a seperate partition for my "/home" folder. Whenever I install a new distro I format my "/" folder.
This way I was able to access my old home data files since I install using a different username. Everything worked fine until last Sunday.
10.10, unlike other versions of ubuntu, has encrypted my old username in my home folder.
Then using this document [url]
I was able to mount my hard drive again. But all the file and folder names are like this.
Btw I don't remember selecting an option to encrypt my old home directory in the first place, what is this ?
I am trying to use puttygen to create a ppk file that I can use with putty. I try to import the private key and it gives me the error: Couldn't load private key (ciphers other than DES-EDE3-CBC not supported). Now I obviously know this is telling me that I have the wrong cipher, but what what do I do to use the correct one? Here are the instructions that I used to create the keys.
Also, when I open the key this is the top:
- BEGIN RSA PRIVATE KEY -
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC
and then some other stuff that I don't think I should share. But the weird thing (to me atleast) is that it lists CBC right at the top there which is what puttygen wants. Why won't it accept it?
Long story short: I opted to encrypt my home, enter the passphrase and soon as I log out and rebooted, I got stuck with a message about /var/lib/ICEauthority file and other messages. So I've been trying to fix one issue at the time. The bottom line is that I'm trying to get to my private folder. Dropped in recovery mode:
[Code]...
i have found this xor encryption program
Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_SIZE 256
[code]....
Its working fine, it can encrypt and decrypt. but how strong is it ? is it all depending on the specified key ?
I am looking for some software (not Tryecrypt) where I can just right click a file and it will encrypt it for me. It would be nice to unencrypt on Windows but not essential.
View 3 Replies View RelatedIs it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got fedora 10, dual boot with windows, 2 hard drives, 1st is NTFS windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
When I installed Fedora selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?
View 3 Replies View Related1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using luks? On boot, I am been asked automatically for the pass phrase to unlock my partitions. After doing a back up, I want lock the encrypted partition again, but I don't know the command?! I umounted the partition but after mounting it again, I was not asked for the pass phrase but had access to my data.
2.) How secure is the default fedora version of luks? Is truecrypt better?
When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.
View 2 Replies View RelatedI want to create an encrypted directory using the cfs package. So far I've only been able to create the top directory. When I want to attach an encrypted directory using
Code:
cattach directory1 directory2
get the following message in command line:
Code:
RPC: unable to receive
When i look into my /crypt directory, nothing was added there. I have no idea what could be the problem. I use Ubuntu 10.04 LTS.
I am currently running 8.10 with full-disk (excluding /boot) encryption. I am going to be installing 10.04 on a new laptop, and I was wondering whether it supports multi-factor authentication. Specifically, I would like to have a keyfile on USB/SD memory that is required, in addition to the password, to decrypt the disk. Anyone know of a guide out there? So far my searches have turned up nil.
View 9 Replies View Relatedi have installed a ubuntu 10.04 (mini iso) w/ option of root encryption. Now i need to boot without ask for passphrase, but im trying to add a luks keyfile without success.i want to use a keyfile in the /boot partition or inside the initrd (cant be in external pendrive), but ubuntu aparently dont accept a keyfile in /boot or initrd file. I know, this way isnt very security, but i just need a basic encryption.So, how to force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
View 5 Replies View RelatedI've been using GPG keys for about a year now to send encrypted emails to family. But now I want to try and understand more, mainly on signing keys. I've read a ton of stuff, but not fully grasping the concept. So I thought I'd check my understanding people here. Please let me know if I'm wrong on something.
Signing keys seems to be just signing someone else's public key with my private(public??) key. Does that mean I don't sign my own keys? Or should I? There seem to be lots of keyservers out there, mainly I keep hearing about the MIT one and the ubuntu keyserver. Does it matter where I upload my public key? Somewhere I read that once you upload it once, it will slowly make its way to other servers. How is that possible. If someone signs my key on one server, will that also get pushed to other servers?
I've read that blowfish encryption is much faster and still safe enough to transfer files between hosts.What's the default encryption used by openSSH? (if not already blowfish)
View 2 Replies View RelatedIs there any available Ubuntu encryption stronger than a 4096-bit DSA PGP key that is natively supported or can be supported by Evolution?
View 2 Replies View RelatedI don't care for domain 'authentication' by an "Authority". I don't trust no one, so CA's to me are as trustworthy as the gypsy in the park.
I can use a self-signed certificate, but the problem is most browsers makers are Fn idiots that say the connection is not secure, when it actually it, but because I did not folk out cash, it makes my website look bad.
I can understand the need for a 3rd party to verify the domain host to prevent man in the middle attacks, but I do not care for this.. and browser makers should take more responsibility and introduce different padlocks for types of authentication, rather than saying "this connection is encrypted, but not secure because its self-signed". What a load of horse s***!
How many times does people stop to read certificate authorities? I sure don't. I only care weather or not the connection has been encrypted.. so, I am looking for a way for simply providing encryption for my website.
From what I understand, when you submit a CSR to a CA, it includes the private key, meaning that the CA would be able to see the encrypt data, should they get hold of it. This is not acceptable for me.
Is there anything other way to use encryption other than the SSL model that is used typically amongst HTTPS browsers today?
I have a problem using PGP encryption. I am running Windows 7 operating system. I have PGP working perfectly fine when running manually through DOS mode (cmd.exe): gpg -ase --always-trust --batch --passphrase myphrase --output c: estdir estfile.csv.pgp -r someword c:estdir estfile.csv
Now the problem happens when I am trying to run same script in Perl in the browser (Perl + IIS are installed locally on my PC). The error I am getting is: gpg: no default secret key: No secret key gpg: C:\testdir\testfile.csv: sign+encrypt failed: No secret key
From what I understand, the secret key is created under my user profile. IIS runs under some default user name, so it does not see the secret key. I am not sure how to solve this problem.