Ubuntu Security :: SSH Server - Username / Password Encrypted
Jan 31, 2010
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from a the book, SSH, The definitive guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
View 6 Replies
ADVERTISEMENT
Jun 4, 2011
I've been using ubuntu 9.10 for years and never been asked for username and password, always started straight away. Today I started the computer, it's asking for them and doesn't accept the password so it's trapped in a loop. I changed the password, no luck, the username when starting seems to be different from the one when I'm changing it. Something like "Mart Di", versus "mart". Tried both with new and old passwords. Does the password expireor something?
View 7 Replies
View Related
Apr 25, 2011
I'm running Thunderbird with Enigmail, and I have this very annoying problem. When I open an encrypted email for the first time, it asks me for my key password. It then remembers my password. This is fine for a few minutes, since I don't want to enter the password every time if I look at seven emails in five minutes. However, I WOULD like it to EVENTUALLY forget. At the moment, it doesn't even forget if I shut off Thunderbird. I have to restart my computer, in fact.
The preferences for Enigmail don't help. I've configured it to remember the password for 0 minutes, for example. I don't know how to edit the preferences for gpg-agent or anything else like that.
View 2 Replies
View Related
Mar 10, 2010
When I first installed 9.04 (from scratch), I chose the option to have my entire account encrypted... I used the same password as my login password, and wrote down the key hash that it displayed for me just like instructed... everything was working terrific...Well, yesterday, I wanted to change my account password. I changed my account password, and it took effect immediately (I tested it by using "sudo -s" to see if I could elevate to root from the terminal... worked just fine). Being satisfied with my new password, I shut my computer down...
The next time I started it up and tried to log in to my account, it I put in my username and password and pressed enter, and it accepted it just fine, and started to boot to my desktop... it then immediately prompted me with something about "your session lasted less than 10 seconds, try starting in failsafe mode" or something along those lines, and immediately booted me out and back to the gdm login screen... I thought it was just a glitch so I tried again... same thing... gave me the "less than 10 seconds" prompt and booted me back to the gdm...
I thought maybe my filesystem became corrupted, but I didn't give up... I attempted to login to my fiancee's account, and it worked just fine! Using her account, I was able to quickly and safely boot into her desktop environment with no errors...I opened a terminal and used the "su" command to access my account... When I did this, it gave me some kind of error and told me to run ecryptfs (can't remember exactly which command... now). I ran ecryptfs and put in my NEW password... it told me that the passphrase was incorrect. So just out of curiosity, I ran it again, and this time put in my OLD passphrase, and it worked immediately! At this point, I realized that my gdm login password got changed, but my ecryptfs passphrase did not, and the two were not matching up (I assume that on login, gdm passes this password on to ecryptfs, and that when the two did not match up, it was booting me out with the whole "session lasted less than 10 seconds" prompt...)...
So what I did at this point was, while logged into my girlfriend's account, I "su"'d into my account, and used the passwd command to change my password back to my OLD password... once the password was changed back successfully, I restarted my computer and tried to log into my account from the gdm... worked perfectly this time with the old (original) password...When you change your session password, shouldn't it automatically change the encyrption password to match? Or at the very least, warn you that if your account is encrypted, you must take further steps to make these two passphrases match? Also, what command would I use to change my "ecryptfs" password to manually match my session password?
View 4 Replies
View Related
Nov 27, 2010
I've created encryption systems on servers, but nearly always I have stored the password somewhere on the machine itself. The file is always 0600 to the relevant user, but a systematic analysis of my system could easily find the scripts that invoke decryption and discover the password. (The most blatant example of this is mounting SMB shares with the "-o credential_file" option where both the username and password are plain-text. In the cases where I've used this, the security of the share hasn't particularly mattered.)
Soon I might be faced with storing "patient health information" (PHI in the healthcare world) whose privacy is heavily regulated by the provisions of the US law called HIPAA. I've been thinking about creating an encrypted partition to hold the PHI, but I need a highly fault-tolerant method for obtaining the key from a different machine than tha server itself. At first, I thought about running a script using scp and shared keys to copy the key from the remote, use it to decrypt the partition, then erase it. I'd like to be able to do this with a pipe; otherwise I'll write the key in a non-persistent location like /dev/shm.
I need more than one machine to make this work to ensure I can obtain the key when needed (like at boot). One solution is to place copies of the key on multiple servers and try each of them until I find it. A more elegant solution would place the key in a DNS TXT record. I suspect I could use LDAP for this as well, but OpenLDAP and I have never really been on speaking terms. So does this make sense? I presume I can write a bash script to do all this at boot. Most of what will be stored in this partition is the PostgreSQL database in /var/lib/pgsql and perhaps some other files.
My understanding of encrypted file systems is that they are only encrypted when unmounted. When mounted they must be as visible to the operating system as an unencrypted partition. I suppose you could apply encryption to every single disk transaction, but that would require knowing the key all the time, and would seem to add a lot of overhead.
View 1 Replies
View Related
Apr 12, 2009
I have F10 installed on my laptop with disk encryption enabled. When I boot the machine I get a "Password:" request on screen but can't start typing for 30 seconds or more.Presumably the OS is not ready. This means I have to wait at the keyboard tapping a key until I see asterix. It's a waste of time and frankly a bit clunky for a modern OS. How can I change the behaviour so that the "Password:" request only appears when I can actually type?
View 4 Replies
View Related
Sep 24, 2010
Im using opennms network configuration backup server called 'RANCID'.It run on top of RHEL5 system and using APache. Here's the link which i'm accessing [URL] But any one can access this URL and obtain my configuration files
I want to secure this using a logon page.allow login Only for the successful authentications by entering the predefined username and password But after get authenticate book marking the above URL still can access anyone since it didnt prompt username and password again In eachtime executing the above url it should direct to authenticate page
View 5 Replies
View Related
Jan 21, 2011
ssh to server without username and password
View 1 Replies
View Related
Jun 22, 2010
Is it possible to somehow setup an ssh server that doesn't require a username,password or cert to login?I wish to provide shell access to a console program, which will prompt for a username and password.Encryption is essential though, and users must not be able to snoop in on each other
View 9 Replies
View Related
Jul 26, 2011
Im reading a lot on how to rync to an ftp server but none of the steps are telling me how to do it on servers that use normal authentication.Example I want to keep /var/www in sync with a folder on an ftp server in a folder called /cdn/.Id like to see all files and folders in sync, not just a compressed file etc
View 2 Replies
View Related
Mar 23, 2011
I'd like to manually mount my nfs share mount -t nfs ipaddress:/nfsshare /mnt/nfsfolder but would like to include a userid and password option via command (not via fstab), since the nfs share has different credentials than the server where I'm mounting to. What's the proper switch to include in this line?
View 1 Replies
View Related
May 3, 2010
i installed acronis on the server end , the problem is that i have disabled the graphical interface on the server i have a acronis management console on a windows system where the image is being created when i try to connect to the linux server it prompts for username and password after i give the credentials then i get this error
[Code]...
View 2 Replies
View Related
Jan 13, 2011
I bought a firefox extension which support proxy with username and password, but seems only http version and not socks 5 server which I already have installed on server. I know for privoxy, but privoxy don't support username/password. Is there anything else what works with username/password? Also what is different between http and socks5?
View 3 Replies
View Related
Jan 10, 2011
I started a new job and they use LDAP here. I built a new RHEL 5.5 server and configured LDAP. Usernames are recognized but the password is not. I can chown a file to a user name but when I try to login as the user it won't accept the password.I know the password is correct because I can login to any of the old boxes and it accepts the password. I ran authconfig-tui to tell my RHEL box to authenticate to ldap.
View 1 Replies
View Related
Sep 21, 2009
I have set up my samba server. I tested from my windows side, all the public ones works fine except the [homes]. Here is my [homes] setting:
Code:
[homes]
comment = Home Directories
browseable = yes
writable = yes
The homes is suppose to let each user see his/her own home directory. But I tested at the windows side, I found that windows doesn't even prompt me about username or password, it just directly give me "not accessible" error. How do I config so my windows side at least prompt me about username/password?
View 12 Replies
View Related
Feb 18, 2011
I wish to download a webpage, which is secured by username and password, using WGET. The thing is there are many forms on that page and I dont know how to tell WGET which one should it send (by POST method) the parameters. I have solved it till this so far:
wget --post-data="predmet=xxx" --http-user="yyy" --http-password="zzz" [URL]
It gets through the authentication but it will not submit the form.
View 3 Replies
View Related
Feb 12, 2010
what is the default username and password to access the firefly daap server?
View 1 Replies
View Related
Sep 24, 2010
i am trying to write a telnet server without username/password function. how to implement such function? the source code from inetutils seems complicated..
View 8 Replies
View Related
May 13, 2010
I have set it up, but I'm not sure whether the admin username and password are set correctly. How do I confirm? Also, if someone has any links explaining the format of an LDIF file.
View 8 Replies
View Related
Apr 25, 2010
Ok I am new to all this, I did have a server years ago but have forgotten most of what I learned. My problem is getting ftp to connect to the server. I have centos and it has proftpd but I'm lost when it comes to the conf file. I created a user in plesk but when I try to connect with any ftp software it accepts the username but rejects any password. I have tried a million combinations but I just can't get my head around this. I have used it before many years ago and managed ok but that was using webmin. I feel I've bitten off more than I can chew with this server although I have managed everything else
View 2 Replies
View Related
Apr 7, 2011
Iam using centos5.i had installed qmail as MTA.when iam login through squirrel mail it gives login error invalid username or password.And then i tried with domain.
View 2 Replies
View Related
Feb 16, 2011
We have Ubuntu 8.04 running on our mail server and remote smtp connection does not work.
When trying to send with a client such as Thunderbird it complains about a wrong usernamepassword.
Receiving mail with IMAP and POP3 works fine through Thunderbird. Both receiving and sending mail through a web interface(horde) works.
I can remotely telnet the server at port 25 and this is the output of ehlo:
Code:
250-**server address**
250-PIPELINING
250-SIZE 25000000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
code....
View 6 Replies
View Related
Jul 4, 2010
I installed Apache Tomcat6,every thing is running fine but facing problem in Tomcat administration webapps:- in manager webapp [URL] in this i am using username=manager password=s3cret but not it is not authenticating with these credentials in host-manager webapp [URL] in this,i am using username=admin password=s3cret
but it is also not authenticating with these credentials i edited file /etc/tomcat6/tomcat-users.xml
[Code]...
View 2 Replies
View Related
Mar 7, 2011
I installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time i have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so i decided to do it from a bootable gparted usb stick. In gparted i erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I cant boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot patition is recognized and 500 partion is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
View 9 Replies
View Related
Jan 5, 2010
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
View 6 Replies
View Related
Jul 14, 2011
there are some configuration files where linux require the password of application user, to do something.how can i to encrypt the password in these files? Or how can i to store that password in encrypted file and retrieve it in secure mode?
View 2 Replies
View Related
Apr 23, 2010
Is it possible to have the passwd file for svnserve encrypted, rather than store the usernames/passwords in plain text?
View 3 Replies
View Related
Jun 4, 2011
brand new 2 Ubantu & set up standard Ubantu compartment accessed via 1 user name only and password. 1st few times all good but now suddenly, unexpectedly password declared invalid. Had written down password so it is correct & not entry error. Not know how to reset password or bypass 'username/password log on screen' Am on an Acer 5542G with windows 7 home premium.
View 3 Replies
View Related
Nov 3, 2010
I recently installed vsftpd on my server. I noticed that users on the machine can login into vsftpd with their username and password on the machine and go to their root dir "/home/username".Now, I want to give some people a vsftpd username and password so they can upload and download files and folders to their folder, but this folder has to be in the "/var/www/(username)" folder. I don't want them to be able to go to any other folder than their own folder like "/var", "/etc" or "/home" etc. Also I don't want them to be able to login on the machine as a user, through putty for example. They should only be allowed to acces their folder with vsftpd, nothing else.
View 1 Replies
View Related
Jan 21, 2010
I'm new to networks and servers, been using Linux on the desktop for a while now but always relied on the company's IT guy for setting up everyting LAN-based.
Now I want to build up my home LAN, and want to do it with Linux. I've managed to set up LAMP and file share servers.
What I am looking for is information on what I need, and how to set up a server for the following tasks:Centralized Username and Password, that when the user logs into any one of the desktops in the LAN, it uses this for authentication
Something that allows this authentication to be utilized in other servers (file access, web access, router logging, etc.). Something to make it easier for continuing permissions from one service to another. e.g. I have IPCop filtering content, and it has provisions for tracking who is making which request if there is authentication going on. (optionally) to run a script for mounting Samba shares or mapped network drives so from one system to the next. For example, in whatever box somebody logs in, it mounts a server share ("smb://Myserver/users/<username>") to a local folder ("my_user_share").
So;user "fred" ="smb://Myserver/users/fred" and user "wilma" = "smb://Myserver/users/wilma" but both would find their respective one mounted under "~/my_user_share". This would be irrespective of which box they are loggin in with. If the server share location changes (new server/servername), I change it on the server so the next time they log in it points to the right place.
I guess it is similar to Window's Active Directory, though I'm not sure what it's called, how to configure it and what it is and is not capable of doing.
View 2 Replies
View Related
