Ubuntu Security :: No Password Required For Encrypted Emails?
Apr 25, 2011
I'm running Thunderbird with Enigmail, and I have this very annoying problem. When I open an encrypted email for the first time, it asks me for my key password. It then remembers my password. This is fine for a few minutes, since I don't want to enter the password every time if I look at seven emails in five minutes. However, I WOULD like it to EVENTUALLY forget. At the moment, it doesn't even forget if I shut off Thunderbird. I have to restart my computer, in fact.
The preferences for Enigmail don't help. I've configured it to remember the password for 0 minutes, for example. I don't know how to edit the preferences for gpg-agent or anything else like that.
Jan 31, 2010
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from the book, SSH, The Definitive Guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
Mar 10, 2010
When I first installed 9.04 (from scratch), I chose the option to have my entire account encrypted... I used the same password as my login password, and wrote down the key hash that it displayed for me just like instructed... everything was working terrific... Well, yesterday, I wanted to change my account password. I changed my account password, and it took effect immediately (I tested it by using "sudo -s" to see if I could elevate to root from the terminal... worked just fine). Being satisfied with my new password, I shut my computer down...
The next time I started it up and tried to log in to my account, I put in my username and password and pressed enter, and it accepted it just fine, and started to boot to my desktop... it then immediately prompted me with something about "your session lasted less than 10 seconds, try starting in failsafe mode" or something along those lines, and immediately booted me out and back to the gdm login screen... I thought it was just a glitch so I tried again... same thing... gave me the "less than 10 seconds" prompt and booted me back to the gdm...
I thought maybe my filesystem became corrupted, but I didn't give up... I attempted to login to my fiancee's account, and it worked just fine! Using her account, I was able to quickly and safely boot into her desktop environment with no errors... I opened a terminal and used the "su" command to access my account... When I did this, it gave me some kind of error and told me to run ecryptfs (can't remember exactly which command... now). I ran ecryptfs and put in my NEW password... it told me that the passphrase was incorrect. So just out of curiosity, I ran it again, and this time put in my OLD passphrase, and it worked immediately! At this point, I realized that my gdm login password got changed, but my ecryptfs passphrase did not, and the two were not matching up (I assume that on login, gdm passes this password on to ecryptfs, and that when the two did not match up, it was booting me out with the whole "session lasted less than 10 seconds" prompt...)...
So what I did at this point was, while logged into my girlfriend's account, I "su"'d into my account, and used the passwd command to change my password back to my OLD password... once the password was changed back successfully, I restarted my computer and tried to log into my account from the gdm... worked perfectly this time with the old (original) password... When you change your session password, shouldn't it automatically change the encryption password to match? Or at the very least, warn you that if your account is encrypted, you must take further steps to make these two passphrases match? Also, what command would I use to change my "ecryptfs" password to manually match my session password?
Nov 27, 2010
I've created encryption systems on servers, but nearly always I have stored the password somewhere on the machine itself. The file is always 0600 to the relevant user, but a systematic analysis of my system could easily find the scripts that invoke decryption and discover the password. (The most blatant example of this is mounting SMB shares with the "-o credential_file" option where both the username and password are plain-text. In the cases where I've used this, the security of the share hasn't particularly mattered.)
Soon I might be faced with storing "patient health information" (PHI in the healthcare world) whose privacy is heavily regulated by the provisions of the US law called HIPAA. I've been thinking about creating an encrypted partition to hold the PHI, but I need a highly fault-tolerant method for obtaining the key from a different machine than the server itself. At first, I thought about running a script using scp and shared keys to copy the key from the remote, use it to decrypt the partition, then erase it. I'd like to be able to do this with a pipe; otherwise I'll write the key in a non-persistent location like /dev/shm.
I need more than one machine to make this work to ensure I can obtain the key when needed (like at boot). One solution is to place copies of the key on multiple servers and try each of them until I find it. A more elegant solution would place the key in a DNS TXT record. I suspect I could use LDAP for this as well, but OpenLDAP and I have never really been on speaking terms. So does this make sense? I presume I can write a bash script to do all this at boot. Most of what will be stored in this partition is the PostgreSQL database in /var/lib/pgsql and perhaps some other files.
My understanding of encrypted file systems is that they are only encrypted when unmounted. When mounted they must be as visible to the operating system as an unencrypted partition. I suppose you could apply encryption to every single disk transaction, but that would require knowing the key all the time, and would seem to add a lot of overhead.
Apr 12, 2009
I have F10 installed on my laptop with disk encryption enabled. When I boot the machine I get a "Password:" request on screen but can't start typing for 30 seconds or more. Presumably the OS is not ready. This means I have to wait at the keyboard tapping a key until I see asterisks. It's a waste of time and frankly a bit clunky for a modern OS. How can I change the behaviour so that the "Password:" request only appears when I can actually type?
Mar 7, 2011
I installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time I have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so I decided to do it from a bootable gparted usb stick. In gparted I erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I can't boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot partition is recognized and 500 partition is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
Jan 5, 2010
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
Dec 9, 2010
During the installation of 10.04 I opted to have my home folder encrypted. I no longer want my home folder to be encrypted. How may I achieve this?
May 13, 2010
Well I have tried everything I can think of and anything on a google search. What I'm trying to do is secure the phpmyadmin folder. I put a .htaccess file in /usr/share/phpmyadmin. I still just can't get it to pop up a required username and password.
Mar 25, 2011
I upgraded from 9.1 to 10.04 and now if I leave the machine for 5 mins the screen darkens and I am asked for a password. I already use my password to log on and this new request is becoming a damned nuisance. Can someone tell me how to stop it from happening. I can't even go for a leak without having to reenter my password.
Jun 10, 2010
I don't require any password at boot but to resume after the screen saver I have to log in. The prompt references dabuntu. I have tried the normal settings with no luck.
May 5, 2010
Is there a way to get rid of the required password after I go away from my computer for 10 mins and the screen goes to sleep? It's getting really annoying.
Sep 9, 2010
Running Lucid. Every time I hibernate, when I come back, it requires entering a password. I would like to disable this. In the config editor, under apps -> gnome-power-manager -> lock, I've already unchecked _everything_ there, and it still asks me for a password after hibernate.
Nov 23, 2010
I would like to set up a TOR relay and add a password so only those that have the password are able to browse the web using my ip.
Mar 14, 2010
I'm using gmail with https always turned on but what programs can I use to easily encrypt emails? Is Pretty Good Privacy easy to use?
Nov 28, 2010
Evolution works fine for receiving mail, but I can't send anything. When I hit "send/receive" it'll receive but ask for smtp password every single time. My understanding is that the password is your email password, but it won't accept it.
Nov 2, 2010
I am trying to set up a SSH key between servers so no password is required when I have to "scp" files between the two. This is what I have tried so far but still requires a password:
Code:
ssh-keygen -t rsa
scp /home/<user>/.ssh/id_rsa <server2.com>:/home/<user>/.ssh/athorized_keys
When I scp after this I wasn't expecting to need a password but it is still prompting. Now I have used this same method before and it has worked great. The only difference this time is server2 is not in the same cage.
Oct 4, 2010
I'm new to linux and that forum, so a (possibly) silly question: I installed couchdb 1.0.1 w/ ymp (one-click) from http://software.opensuse.org/search?...3A11.2&lang=de and when I try to start it like /etc/init.d/couchdb start or sudo -i -u couchdb couchdb I am asked for a pwd, which I never put in. tried several standards or my own already. Didn't find anything in any documentation. Am I doing something wrong here?
Nov 8, 2010
I have a .rar in my Downloads, I want to unrar this file to my Music folder, but the .rar is encrypted and requires a password.
I've tried a few commands like this:
Code:
But it tells me no files to unrar.
Aug 9, 2011
I'm trying to work on the SmashTheStack wargame on Ubuntu, and I'm stuck at level 1 with using John the Ripper (JTR). I got the encrypted password and was able to run JTR on it using
Code:
but the output is
Code:
I'm pretty sure that the 'trying:' part is supposed to be the attempted passwords, but this one doesn't work, and this is the only one that gets output. When I run
Code:
I get
Code:
Which I'm guessing means that nothing happened.. what am I doing wrong, and how can I get it to work?
Dec 4, 2010
I'm running Evolution 2.30.3 on fc13.x64 and I've been getting a funny problem for a while, that now really annoys me:
even if the settings for my hotmail account are correct, Evolution will ask for the password every time I log in. Also, since I keep it open, after a while (~30 minutes) it "forgets" somehow the password and asks for the password again. This time, anyway, it won't work and I have to reset Evolution again.
Bonus question: even if hotmail is configured correctly for receiving and sending (smtp.live.com etc.), it won't send email, but will remain stuck on "sending".
Aug 1, 2010
Recently a friend received a couple of emails from someone she knows with web links that purported to be about health issues. She clicked through on two of them; one gave an error, and the other went to a ****** site, so she believes these are "virus" sites. And the person who "sent" the email has just confirmed that his account was "hacked" (I'm guessing actually a virus on his computer). So, two questions:
1) She's running ubuntu 10.04. Is there any reason she should have concerns about her system's security? rkhunter gives no warnings.
2) She is also concerned that it could have compromised her email account (on gmail). I don't see how this is possible, but can anyone confirm about that?
Sep 5, 2011
Since we switched our server to Squeeze, I'm receiving emails from the cron about a mysql error (...can't use locks with log tables). But this is not the issue I want to talk about here. The issue is that since the executed command is: /usr/bin/mysqlcheck -uroot -pmypassword --all-databases --check-only-changed --silent which is a command that was automatically added to the cron by the mysql package (I believe), the password is sent in clear text in the email's subject. In my sense, this is a serious security issue (sending root password in email subject...)
I don't know at what level it should be corrected, but it seems to me like it should be corrected in the Debian distrib, shouldn't it?
And for now, how can I hide the password in the emails I receive?
May 5, 2010
Didn't know where to post this as it doesn't really call under desktop or installations haha. Anyway, I have a bit of a problem. I've Installed Ubuntu 10.04 with an encrypted LVM password and it went on ok. When booting up the computer it comes to the screen where you enter your password to unlock the LVM which looks great. However after installing the NVidia graphics driver for the laptop and rebooting, the LVM password entry screen seems to be too big to fit on the screen, not looking very good....
May 31, 2011
I have written a script to run commands on remote servers, it is working fine. But when I am running "sudo commands" on the remote servers, it asks for my password after prompting for ssh password. I am unable to automate this password prompt (which is just after ssh password prompt). This is the function I am using to provide passwords
Code:
pass ()
{
cd $DIR/"$dt1"_"$dt"
/usr/bin/perl << 'EOF'
use strict;
[code]....
I want the same function to be used , when it expects for sudo passwords for any of the below lines:
Code:
[sudo] password for vikas: or Password:
This is my "cmd" file passed in pass () function.
Code:
ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no 192.168.1.100 "bash rcmds"
This is my script output
Quote:
[vikas@box1 ~]$ ./rscript.sh
++ rm -rf /home/vikas/May_31
++ mkdir -p /home/vikas/May_31
++ set +x
[code]....
How to automate the password prompt required for sudo commands.
Jun 17, 2009
I have recently installed thunderbird on my fedora 11 box and so far so good. I am interested in encrypting my emails and digitally signing them as well. Does anyone have documentation as to how I can do this? I messed around with it last night but I was not able to import a valid certificate.
May 19, 2009
I'm looking for a solution for sendmail to limit the number of emails sent per minute per IP. For example all my local computer users with ip 192.x.x.x need to be able to send 10 emails/minute (emails, not connections!). The rest of the world can send for example 200 emails/minute to the mailserver. If the amount of emails per minute is exceeded, sendmail needs to block receiving emails from the specific IP. I want to do this to stop spamming from my local network. Is it possible?
Jun 26, 2010
Would it be possible/advisable to add a note to the security emails if an updated package is also part of the multilib install? I know with this last round of updates, seamonkey-solibs and cups are a part of multilib. I snagged the 32bit versions, converted them, and upgraded. It's kind of hard to keep track of which packages are a part of multilib.
May 8, 2010
I've set up a Lucid system with software RAID and encryption, with three encrypted partitions - swap (/dev/md1), the root filesystem (/dev/md2), and /home (/dev/md3). The unencrypted /boot partition is /dev/md0.
This works well but the passphrase had to be entered three times at bootup. Obviously it would be preferable to enter the passphrase once to unlock the root partition, then have the others unlocked via key files. So I added key files to the swap and home partitions and modified /etc/crypttab to use them:
Code:
md1_crypt UUID=8066adbc-584c-4766-b188-bc2a7b61a2f0 /root/keys/swap-key luks,swap
md2_crypt UUID=bac82294-f3b9-45e4-89ad-407cf8b19b7b none luks
md3_crypt UUID=7d82a0b7-c811-4cc3-9fe7-1961c74b5ff2 /root/keys/home-key luks
The key files are owned by root and have 0400 protection. (The /root/keys
[Code].....
Since the swap partition is no longer referenced in fstab or crypttab, why is there still a bootup password prompt for it? What else needs to be done to stop it?
May 14, 2010
I want to have /boot as an ext2 (I don't need journaling and I might want to undelete something) and all other partitions in an LVM. When the server starts it will prompt me for the LVM password. I would like to be able to contact the server using SSH (or using another secure method) and tell the password. Since /usr/sbin and all the other partitions are inside the LVM I guess I have a problem?
Is it possible to setup something like this? The SSH session for the LVM authentication does not have to be a daemon. It can be something which just sits and waits until I connect and input the password. And then the "real" SSH daemon kicks in.