I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
Im a total beginner when it comes cryptography and networking. Finally managed to create a connection with OpenVPN on Ubuntu to a vpn provider called ivacy. On this page:http://ivacy.com/en/doc/user/setup/winxp_openvpn they give configuration files and keys, which I used. The question is, if someone wanted to see my network traffic, could they do it using the keys provided on that page. Reading the OpenVPN documentation i saw that it is also possible to create your own keys. Would that be more secure?
I generated RSA keys on Karmic, added the id_rsa.pub to the authorized_keys file on FreeNAS, then removed the id_rsa.pub from Karmic (this is a poorly documented but necessary step I learned).My Karmic username is shawn, FreeNAS username is shawnboy.from Karmic it prompts me for my RSA key passphrase which it should do, but after I enter it, it fails and moves on to prompt me for my password. I know this isn't a FreeNAS forum, but this works perfectly using Putty SSH with RSA keys on Windows XP, so I figure it's more appropriate to ask here than in FreeNAS forums.
Scenario 1. I am doing this from /home/deploy directory I am trying to set up ssh with github for capistrano deployment. this has been an absolute nightmare. when I do ssh email@example.com as the deploy account I get Permission denied (publickey). so may be the key is not being found, so If I do a ssh-add /home/deploy/.ssh/id_rsa Could not open a connection to your authentication agent. (i did verify that the ssh-agent was running) If I do exec ssh-agent bash and then repeat the ssh-add then the key does get added and I can ssh into github. Now I exit from the ssh connection to my server and ssh back in and I can't ssh into github anymore! Scenario 2 if I login to my remote server and then cd into my .ssh directory and ssh into github then it all works fine I guess there is a problem with locating the key and for some reason the agent isn't funcitoning correctly.
My primary Ubuntu server has SSH exposed to the internet so I can remotely access it. I have configured OpenSSH to use only RSA key authentication. Each computer I use has a separate RSA key unique to it. I also have a unique RSA key on a USB thumb-drive I carry with me. The purpose of the USB key is for emergencies if I have to access the server from some remote system. The problem is that I may not trust the remote machine (university/public library computer for example).
What I would like to do is have a set of one-time use RSA keys that, after I log in to SSH with them, are removed from the authorized_keys file. This would hopefully keep my system safe even if the remote machine I was using was compromised and had copied my private key and key-logged the password I used to decrypt it. I would like to have these keys be separate from the keys I have for my trusted computers.
I have enabled ssh key based logins for one of my servers and disabled normal password based logins. It just occurred to me that the public key which I generated on my pc, and uploaded to the servers authorized_keys, may in fact only apply to my local PC / user account. So basically if my system crashes I would have no way to login to the server...? Is it not possible to "share" public keys so other people (PCs / accounts) can use them?
I've installed the ssh server on my Ubuntu desktop and the very first time I accessed the server from my laptop, it got a message asking me whether to permanently add the key of the server. After I added this, it gave me a message saying that the key had been permanently added. My question is how do I remove this key? I just want to know how to do this because I'm going to disable password based logins and I want to start anew.
What is the easiest way to encrypt plain text content with a password only? I need to encrypt client login information, but I hate dealing with all the unnecessary complexities of Linux's encryption systems.
I know I am going to get a bunch of people telling me how perfect Seahorse and whatever is, but Seahorse and the default /home directly encryption have both given me too many problems when decrypting my information. I prefer to preserve my data rather than using these methods.
I recently upgraded to Ubuntu 10.04. I love the passwords and keys application, but was somewhat surprised at the lack of a context menu in gnome to encrypt a file.
In general, I cannot find how to encrypt files using the keys I generate. Maybe I'm missing something? Probably, I just thought since Ubuntu comes with OOB key generation it would have OOB encryption capabilities.
I've read about seahorse and other ways to ADD encryption, I'm just wondering if ubuntu does it natively. It'd be a good idea to add to brainstorms, right click and encrypt.
Ubuntu 10.10 Server is loaded. Openssh has been loaded.
I have multiple users which need access to server via ssh.
My impression from reading about ssh is that a key needs generated for each person. Thus, each key will have a passphrase that is unique to them.
In /etc/ssh/sshd_config, the default sshd_config suggest using:
My assumption is %h is a variable that will allow the current user to use the public key stored in his home directory under the .ssh folder in a file called authorized_keys. Is their a command string that automatically populates the authorized_keys file?
I am surprised that even though there are a number of hidden (e.g. .****) files located in the home folder, there is not one automatically generated as .ssh. It appears I have to create that directory myself. I am especially surprised by this since it appears the instructions for generating a key seems to load the key in the home directory instead of proceeding to create a .ssh folder to store the keys in.
It is not clear, but it appears that the public key needs to be copied or appended to the authorized_keys file, but, using the scheme above, the public key needs to be copied or appended to each users authorized_keys file instead of appending all public keys to a single authorized_keys location.
It then appears that each persons authorized_keys file needs permissions set to 600.
It also appears that if I decide to use RSA instead of DSA, I would do the same thing above but would use authorized_keys2 file instead.
Why doesn't the home folder which gets automatically set up for each user automatically get a .ssh folder generated? i.e Why does it have to be created by hand? Does it need the same permission on the .ssh folder? ie 600?
My aim is to allow many to log on via ssh simultaneously and then allow many to simultaneously vnc into their respective gnome desktops.
At the moment we have one SSH server with the private key being on a usb flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have muliple private and public keys (one pair for each server), or use the same two keys to access all the servers
I am using Nautilus to connect to an external server. Currently, I use password authentication, and all works fine. I just type sftp://SERVER and the connection is established after providing the login credentials. However, I changed the server to only accept Public Key Authentication and disabled password authentication, and as a consequence I could not login using Nautilus anymore. Is there some way to make this work?
Since I have installed Fedora 13 it seems that I can't connect to WLAN APs which aren't secured by WPA. I'm surprised about the inserts to the messages logfile:
Most surprising insert for me: Jul 5 20:43:21 nbtobiaslnx NetworkManager: <info> Config: added 'key_mgmt' value 'WPA-PSK' Is this the reason for my problem? I use KDE and Network Manager for managing my networkconnections.
I am trying to lock down a server using audit.rules. I intend to use ausearch to review certain entries from time to time. I noticed that it's possible to assign a "key" to each rule and then use `ausearch -k` to show only the records that have that key.Unfortunately, the key feature seems broken. I started with the following rule in audit.rules:
Code: -a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k deny I do a `cat /etc/shadow` and a `ausearch -ts today -k deny` and it seems all went well.
When a user that has rsa public key set in ~/.ssh/authorized_keys file logs in via ssh an sshd process is started to handle the ssh session.Periodically we audit the authorized keys and remove them from the system and authorized_keys file. This means the next log in attempt will fail, which is fine.However we need to terminate current ssh sessions in progress that use the rsa key.I have not been able to determine a way to map sshd processes with authorized_keys entries.
Ive been running ssh to log into server for long time. Recently a x-win app reported that it suspects a man in the middle attack (MiMA), so I want to tighten this up, but it seems to me if there is a MiM, then the initial key exchange is vulnerable to a substitution. This is on solaris, but since its a basic concept I'm ot getting, it shouldnt matter,
Here's the gist of what I read:
- create users key pair, - enable host authentication (ssh_config file on client and sshd_config file on remote host) - start an ssh session and accept the remote hosts key (and I assume the remote host will take client users key and store some where)
1. What's to stop the MIM from making a substitution of keys during the initial exchange?? Shouldn't the keys be initially transfered in a more secure fashion??
2. Does the server just accept new keys from any existing user who want to create an ssh session? So if some one knows a username and password (such as the owner of an application they know is running) couldn't they just create their own keypair and have the server accept them?
I don't know if this is a configuration issue or a hardware issue, but I have a Kinesis Advantage USB keyboard and for some reason the F3-F5 keys aren't responding as they used to. They don't respond to anything and, when I tried using F5 on Emacs, it said <XF86AudioNext> is undefined, so I guess it's a weird mapping problem.
Any idea how I could remap them to the original meaning?
I know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird
I'm running Debian (Squeeze) and I have a toshiba portege m700. It has five buttons on the front just under the screen, which are the only ones accessible when you flip the screen over into tablet mode. One of them is for rotating the screen, and another is for switching to external display. I want to remap the remaining three to control, alt and super so that I can use shortcuts with the stylusThe problem is, when I used showkey to find out the key codes, I found out that each button generates more than one key code:Button 1:
key 126 press >> super_r, although this is distinct from the actual super key (125) key 7 press >> 6 key 7 release key 126 release
When I hit the "S" key it opens up the power menu up in the top right corner and when I hit the "M" key it opens up the mail menu on the top panel. How can I use these keys to actually type not open those menus.
I try to import a key from a keyserver when I add a repository to software sources, it just tries forever and times out. For instance, following the instructions here: [URL]... to add the key "CE49EC21" for the ppa:mozillateam/firefox-stable. Whether I do it in the terminal:
Code: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE49EC21 or by clicking the link on their page, I get nowhere. I've had this problem with other keys from keyserver.ubuntu.com too.
It suddenly occurred to me today that maybe my router is the problem. It has a draconian firewall built in. (For instance, it won't allow incoming bittorrent traffic without me explicitly opening ports.) So maybe, since I'm trying to receive a key, it's preventing the key from coming in? Does anyone know why I'm having this problem getting keys?
I setup keyed ssh between two of my computers on my lan. It was working great. I used Ubuntu's Passwords and Encryption Keys tool to generate the key.
Yesterday I tried rsync'ing a grip of files to the ssh server and couldn't get it to work, I figured I was just messing the rsync command up. Today I just tried to log in using ssh and it just hangs there after I type the ssh command.
With verbosity on it stops at checking the blacklist file. Does this mean it decided my key is one of the badly generated ones? Why would it decide this now I thought it was supposed to catch that when generating the key.
Also I just checked that file it's trying to check doesn't even exist. Should it?