what purpose does it serve to use a passphrase? Once the keys are generated the passphrase isnt used? Or what am I missing??? I did not use a passphrase and understood that there was no security implications of not doing so. Is this correct?
View 6 Replies
Just wondering if Ubuntu has an Accessibility equivalent for sticky keys and mouse keys.
View 1 Replies View RelatedI don't know if this is a configuration issue or a hardware issue, but I have a Kinesis Advantage USB keyboard and for some reason the F3-F5 keys aren't responding as they used to. They don't respond to anything and, when I tried using F5 on Emacs, it said <XF86AudioNext> is undefined, so I guess it's a weird mapping problem.
Any idea how I could remap them to the original meaning?
I'm running Debian (Squeeze) and I have a toshiba portege m700. It has five buttons on the front just under the screen, which are the only ones accessible when you flip the screen over into tablet mode. One of them is for rotating the screen, and another is for switching to external display. I want to remap the remaining three to control, alt and super so that I can use shortcuts with the stylusThe problem is, when I used showkey to find out the key codes, I found out that each button generates more than one key code:Button 1:
key 126 press >> super_r, although this is distinct from the actual super key (125)
key 7 press >> 6
key 7 release
key 126 release
I'm trying to add a key to a new slot from a keyfile that I created, but I keep getting an error and I don't know what the problem is.
Code:
root@ubuntu:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 -d /media/Ubuntu_10_04/etc/cryptkeys/swap.key
No key available with this passphrase.
content of swap.key
Code:
nBPeNCr_PS-yEv5SYEyyzaEextllDLo7aHs7yZGW9dtC48GDlte6WYQe7iG2poJr84U6twxu1DImZcyoBPB1q1AjYAanPsre7qLr7VnN4G6u1x_WG-sja6U_pvnks9CTgcD4UmfBw9mkrU3YY4GknQXtpLvkiBkM1soJ0SYYQ2r-7CDZJvaiYJb9eOKKbMsjlrEG39IBdQwdcEp3D7PK5paTYZdVHU2ygrJvJy-sJly4oqb2274DO8hbYviQsPdawetglkhhhhhhh98h4erwjerfkasjnfhsahfocLnBPeNCr_PS-
[code]....
I am a noob who is playing around with setting up a home print/file server using Ubuntu Server 10.04. I have successfully setup the server and am now configuring the SSH server so I can control remotely.
I have setup RSA keys with a passphrase as outlined in the SSH - Ubuntu Community Documentation. However, when I log in remotely I am only asked for the passphrase the first time. Any subsequent log-ins simply take a few seconds to connect without any passphrase request. After restarting my laptop (that I use to connect remotely), I am again asked for the passphrase only the first time and subsuquent logins are without a passphrase. I would like to know if this is normal and if there is a way to have passphrase requested on each login.
I installed ubuntu 9.10 to a fresh partition on a HD that already contains a windows xp. During the install I opted to Require my password to login and to decrypt my home folder, (don't ask why, I regret it already). The install went well, I think, but when it came to reboot time I wanted to check that I could start windows xp from the new grub boot loader. Windows started fine so I rebooted again to try my new install of ubuntu. Now the system seems to get stuck at the little spinning wheel icon. I tried to boot to recovery shell but after entering my name and password I get:
Unable to cd to '/home/myname'
I rebooted using live cd. And mounted the file system as root. Now I have chroot ed into the system but that's as far as my knowledge gets me. I have googled to find the next step but am not finding a clear answer. I have found this [URL]. And here I see I should have seen a screen entitled: Record your encryption passphrase. But I didn't get to that screen. So is there any elegant solution? or am I destined to wipe the install and start again? Perhaps this problem is connected to the bug mentioned here [URL]. Optional encrypted partitions must be marked bootwait in /etc/fstab
In addition to the above, users who have configured any encrypted partitions in /etc/crypttab to start at boot time (i.e., not using the noauto option) should make sure that the filesystems on these volumes are listed in /etc/fstab if they are not mounted at a standard system mountpoint. Failure to do this on a desktop system will lead to problems from the X server and cryptsetup trying to control the console at the same time. At best, this will prevent the user from seeing the passphrase prompt; at worst it will also cause the X server to spin and consume 100% CPU. (430496)
I'm not sure, my /home is not on a separate partition.
/etc/crypttab is empty
# <target name> <source device> <key file> <options>
/etc/fstab is
# /etc/fstab: static file system information.
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda2 during installation
UUID=8e5f54dd-8d79-44da-9ddf-7f4e3bce2a64 / ext3 errors=remount-ro 0 1
# swap was on /dev/sda3 during installation
UUID=32bcb9fc-ff2b-4e37-a259-1bfabee7cee7 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
I've set-up a Linksys WPC54G v5 wireless card using ndiswrapper and the appropriate Marvell driver. It seems to work ok. On my other laptop running Kubuntu with built-in wireless the routing all works fine - I just get prompted by Network Manager for the WPA passphrase and I'm away. However, when I try to connect to my wireless router on thix Xubuntu-based laptop I get really odd security options.
When I try to connect I get a security prompt asking me for a bewildering array of information. There are four basic authentication options under "WPA & WPA2 Enterprise": TLS, LEAP, Tunnelled TLS and Protected EAP. None of those offers a simple passphrase, they all have some combination of username & password with certificates and keys. If I try to connect to other networks in my area, some do just ask for a WPA passphrase, not that I know them to check!
So I've connected to my wireless network with the command:
iwconfig wlan0 essid Linksys
But I need to enter my wireless access' passphrase to connect to it. The closest I've come is using:
iwconfig wlan0 key s: PASSPHRASE
...which gives an invalid argument and I've resently found out that this passphrase command is not supported - yet.
Where do one tell Ubuntu to use a passphrase to connect to a wireless network?
- Ubuntu 10.04
i have installed a ubuntu 10.04 (mini iso) w/ option of root encryption. Now i need to boot without ask for passphrase, but im trying to add a luks keyfile without success.i want to use a keyfile in the /boot partition or inside the initrd (cant be in external pendrive), but ubuntu aparently dont accept a keyfile in /boot or initrd file. I know, this way isnt very security, but i just need a basic encryption.So, how to force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
View 5 Replies View RelatedI have loaded ubuntu Lynx 10.04.1 as a dual boot behind XP home. I have wireless connection to the XP os via netgear wireless G router and USB 2.0 adapter. The network connection works well with the XP side. When I boot into ubuntu I am sure I have configured the network properly with the wep key and password and the network signal is alive in the work bar at the top of the screen. When I open Firefox and try to browse to ,say, ebay it asks for the passphrase again then tells me that FF is in work offline mode. When I correct this I get asked for the pass phrase again and the connection is disengaged. It just keeps asking for the passphrase and disconnecting. When I reboot into XP everything works perfectly again.
View 9 Replies View RelatedIs there a way to change the passphrase login screen? It would be cool to change the background and edit the text?
text : Cryptsetup: evms_activate is not avaible
Unlocking the disk /dev/blablablabla
enter passprase
I have written a shell script which amongst a heap of other stuff creates virtual hosts, and consequently also reloads apache, however my problem is that unless I include a restart in the shell script, the reload is causing the server to stop, yet restarting everytime a new vhost is created is not really an option since it will disrupt the service for other users. I know this is directly to do with the SSL passphrase as simply restarting gets everything running again with no errors.
I have configured mods-available/ssl.conf so the SSLPassPhraseDialog directive uses the passphrase file instead of bulletin, hence the restart can work fine from within the shell script, but obviously reload and force-reload must be running some sort of background process which involves reloading the SSL certs or something?? so my question is can I over ride this and if so what directive / params do I use? Im on ubuntu lucid 10.04 server and apache v2.2.14.
I got a little problem upgrading my ubuntu-nas with some storage.I wanted to add a new harddrive to my lvm but I stuck before getting to this point.I want my harddisc to be encrypted before adding it to the lvm.I tried the following:
Code:
# sudo cryptsetup luksFormat /dev/sdb1 -y
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): yes
... and nothing happens. dmsetup ls returns nothing.
Ubuntu's request for an encryption passphrase on installation could be greatly improved.
After installation, if the option to encrypt the home folder has been checked, Ubuntu prompts: "Record your encryption passphrase".
On running the action there are the following problems:
# When you type a passphrase, your keypresses are not indicated on the screen
# If you make a mistake typing the passphrase, and backspace, there is no way of knowing whether the backspace operation has worked
# The passphrase is typed once and the operation ends. There is no attempt to validate the correct entry of the passphrase by asking for it to be typed twice.
The combination of these shortfalls can be fatal. My last recorded encryption passphrase proved to be incorrect when after a critical failure I was required to enter my encryption passphrase to retrieve my data. It had not been backed up for a while. Ubuntu did not recognise my passphrase. Only after some dogged support from Canonical was the problem resolved.
I've just done a fresh install. I have butter fingers. I inevitably fumbled over the entry of my encryption passphrase. I have absolutely no way of verifying the passphrase I just set. Should Ubuntu ditch another critical failure on me, what do you think the chances are that my passphrase will work?
I considered making my system run the following if an incorrect password is entered 10 times in a row or a specific dead-password is entered.Code:shred /home/.ecryptfs/$USER/.ecryptfs/wrapped-passphrase.Because ext4 doesn't journal the contents of the file, only the metadata, the file would be shredded and it would be impossible to recover the encrypted home folder even with the password.Is there a simple way I could make GDM check this or would I have to patch and recompile GDM for something like this to work?
View 1 Replies View RelatedIs there any way to only have one passphrase prompt when using multiple LUKS partitions? Well there must be, as that's how Fedora does it - it asks you once, and tries that passphrase on every LUKS volume (with a nice plymouth prompt), I just don't know how to do that on Wheezy. Don't say I have to nuke my install and use LVM instead of regular partitions or put a keyfile on a USB stick. My partition layout is:
/boot (plain)
swap (luks)
/ (luks)
/data (2nd drive, luks)
So I get asked 3 times during boot.
Simply, the number of possible combinations of passwords increases as an exponent of the number of characters used and as a factor of the number of characters available for use.
26 potential characters for a 2 character password results in 26^2 possible password combinations. This means that each new character added would result in an "order of magnitude" increase in the difficulty of brute force attack.
Using a phrase, complete with punctuation and capitalization is the very best mnemonic device to remember a password. Consider this, how hard is it to remember; The quick brown fox jumped over the lazy dog.
Than it is to remember, l33tsp34kp@ssw0rd
If we pretend that both of these passphrases are generated from a character set consisting of 26 characters, the first would be one of a possible 15274273784216769021564085930704478424313742483024 510976. The second would be one of a possible 1133827315385150725554176.
In short, use a passphrase not a password, they are much MUCH more secure.
I am using Fedora 13 x64.I want to removing passphrase from the RSA Private Key then harden the decrypted Private Key.When I tried section 6.6 guide line, I get directory does not exist?I don't know where my server.key is stored.
View 1 Replies View RelatedEvery time I log in to my Fedora 13 system, I am prompted for my SSH pass phrase.
I would like to be prompted the first time I login after booting, but then have ssh-agent continue to run until I kill it or shutdown so I don't have to be prompted every time.
Where do I configure this?
I would like to use a USB key to hold the passphrase for an encrypted /Data partition. A forum search turned up only using that method for / which requires initrd. That's not what I'm after.In openSUSE 11.4 I want to boot normally and then automatically unlock the /Data partition only if the USB key is inserted. I'm assuming this would require some kind of automounting after or during the boot process.
View 1 Replies View Relatedwhen generating RSA public/private key pair, I gave a passphrase to protect the key. When I now want to use this private key in a script to log on to the remote server via ssh and do something, how can I give the passphrase? Alternatively, is it possible to use a different private key without passphrase ? I doubt it, but it doesn't harm to ask.
View 2 Replies View RelatedI need an non-interactive, symetric, passphrase mechanism that can be used on machines beyond my sys-admin control. Currently, I use the Python code (with variants):
Stat, Output = commands.getstatusoutput(
"gpg -c --passphrase=%s '%s'"%(Password, TarFileName))
to encrypt and decrypt files (tar balls). The "Password" is generated by a Python code on a singular removable flash drive. It worked with FC11 and Windows, but with FC13 I get an interactive dialog, which gets canceled, and then: can't connect to `/home/{a user id}/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[3432]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `testdata' failed: Operation cancelled
The operator does not know the pass phrase. This is a single user mechanism which relies upon the mounting of the special flash drive to work. The application is portable across many platforms and hosts, but can only be used by the possessor of the flash drive.
How can I enable passphrase along with the password for login via ssh ? In that whenever I login from server A to server B via ssh, it should ask me for a password and then passphrase to allow me access.
OR
Can we have multiple passwords to login via ssh ?My basic need is to have 2 levels of password.
I recently installed Ubunutu 10.04 Netbook Remix onto a Dell Vostro A90. During install I selected "Require my password to log in and to decrypt my home folder", and this is working great.
What I would like to figure out, is how to have a second encrypted volume that lives on my SD Card that is also decrypted automatically upon login.
I've tried a variety of things, but they all require me to re-enter my password at some point during the boot/login, once for user login and the other time to decrypt/mount the volume. I am trying to avoid this, and hopefully will only have to enter my password once. Maybe I can piggyback on the default Ubunutu home directory decryption and make it all appear seamless?
When I set up an ID in Ubuntu, I encrypted it. I did a print screen of the passphrase and put it on the desktop. I'm just learning how to use the encryption so don't fault me for putting it right on the desktop. There is no important data in this ID. Now, I went and changed my password to the account. On the next boot, I got a few error message:
Could not update ICEauthority file /home/mickymouse/.ICEauthority
There is a problem with the configuration server /usr/lib/libconf2-4/gconf-sanity-check-2 exited with status 256 In researching these, it looks like the problem is that I changed the password but didn't update (or something) my passphrase.
I can't boot into the GUI but I have figured out how to boot to a command prompt. I don't have access to my home directory because I don't have my passphrase. Am I toast or is there a way to recover / update the passphrase?
I changed the passphrase in my Netgear WNR3500 router. I got the teenager's win7 netbook back online (wireless) no prob by simply changing the security key in windoze and it didn't effect my connectivity but when I attempt to enter my router setup by entering my local IP nothing happens, no response at all. I've rebooted twice and my connection is still very solid but I cannot access the router setup. The ONLY change I made was in the router's "passphrase".Not a big emergency at this point I suppose but I need to know what I need to change in Linux? Or to rephrase, in windoze7 passphrase=security key. In Linux?I can just reset the silly thing I guess but was kind of hoping I wouldn't have to and besides I anticipate the same trouble when setting the passphrase afterward.
View 1 Replies View RelatedI recently started installing Debian and I want to download and install a GUI in it. For that I could use my university Wi-Fi connection. I was told that it's a WPA2 secured connection. But when I tried to configure it, it keeps asking me for a "passphrase". I don't have a passphrase! All I have is my username and password for the Wi-Fi. What should I enter as my passphrase ? I tried both username and password and neither of them worked.
View 4 Replies View RelatedWe have small requirement, we need to connect to ssh server through ey+Passphrase+password. Is it possible to configure this type of authentication in any version of openssh/fedora.
View 3 Replies View RelatedMy friend and I spent two weeks trying to find out why my openSUSE laptop wouldn't connect to his router using WEP. We finally figured out that the KDE networkmanager was not translating the passphrase into the hexidecimal number (default key #1). Once we entered the hexidecimal number, it connected with no problems. He uses Ubuntu on his test laptop (Windows guy). Ubuntu, and kubuntu via live CD, both connected only using the passphrase. I didn't have an openSUSE Gnome live CD to test weather this is KDE specific or not.
View 6 Replies View Related
